Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Infiziert mit TR/Dropper.Gen - Hilfe!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 06.11.2011, 00:39   #1
LadyRed
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



Hallo ihr lieben im Trojanerforum!
Ich habe mich jetzt schon den ganzen Abend durch diverse Foren, Hilfsseiten etc. gewühlt, doch keine Lösung gefunden.
Mein PC ist zweifach mit dem Trojaner TR/Dropper.Gen infiziert und weist dazu noch zwei Dateien mit dem Erkennungsmuster des Exploits EXP/2010-0840.AN und dem Muster des Java-Skriptvirus JS/iFrame.HH auf...
Selber weiß ich mir einfach nicht mehr zu helfen und brauche dringend eure Hilfe!

Hier kommen jetzt meine Logs von OTL:

Code:
ATTFilter
OTL logfile created on: 11/6/2011 1:13:49 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Rahel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 39.81% Memory free
7.82 Gb Paging File | 4.74 Gb Available in Paging File | 60.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657.54 Gb Total Space | 531.33 Gb Free Space | 80.81% Space Free | Partition Type: NTFS
Drive D: | 37.99 Gb Total Space | 16.02 Gb Free Space | 42.16% Space Free | Partition Type: NTFS
 
Computer Name: RAHEL-PC | User Name: Rahel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/11/06 01:12:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rahel\Downloads\OTL.exe
PRC - [2011/11/06 01:11:15 | 000,050,477 | ---- | M] () -- C:\Users\Rahel\Downloads\Defogger.exe
PRC - [2011/09/29 08:09:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/10 22:17:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/01 19:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2011/07/01 19:38:58 | 000,298,824 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2011/05/25 01:54:54 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2011/05/25 00:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011/04/21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/25 20:49:16 | 002,675,712 | ---- | M] (CatenaLogic) -- C:\Program Files (x86)\TuneUpMedia\updater\TuneUpUpdater.exe
PRC - [2011/02/11 20:40:00 | 000,997,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/02/11 20:39:58 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/02/11 20:39:54 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011/02/11 20:39:54 | 000,907,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/02/01 22:25:44 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 22:25:41 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/15 23:23:02 | 000,207,400 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/08/03 23:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010/06/21 21:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/12/11 23:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
PRC - [2009/10/23 01:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
PRC - [2007/08/02 20:08:00 | 000,095,504 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/06 01:11:15 | 000,050,477 | ---- | M] () -- C:\Users\Rahel\Downloads\Defogger.exe
MOD - [2011/09/29 08:09:51 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 13:31:52 | 000,076,800 | ---- | M] () -- C:\Users\Rahel\AppData\Roaming\Mozilla\Firefox\Profiles\dzuyvt56.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}\components\RadioWMPCoreGecko7.dll
MOD - [2011/08/12 00:13:50 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/04 20:11:31 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/07/04 20:11:31 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011/07/01 19:40:28 | 000,129,352 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2011/07/01 19:39:40 | 000,009,032 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/08/03 23:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/03 23:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/08/02 20:07:56 | 000,034,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/02/05 00:34:20 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/02/05 00:24:24 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/02/05 00:19:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/07/10 22:17:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/01 19:40:36 | 000,063,976 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2011/07/01 19:38:58 | 000,298,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011/05/25 01:54:54 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011/05/25 00:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011/04/21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/11 20:40:00 | 000,997,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/02/11 20:39:58 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/02/11 20:39:54 | 000,907,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/02/01 22:25:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/02/01 22:25:41 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/12/06 11:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009/10/23 01:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/10 22:17:07 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/10 22:17:07 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/25 00:40:12 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2011/05/25 00:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/15 00:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/04/04 19:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/04/01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam C210(UVC)
DRV:64bit: - [2011/04/01 04:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/24 14:47:04 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/03/24 14:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/03/24 14:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/03/15 17:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 19:40:20 | 008,591,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/25 20:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/01/24 10:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/01/24 10:24:50 | 000,053,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/01/24 10:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/01/24 09:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 00:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/16 08:08:50 | 001,077,416 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2010/09/03 13:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 20:47:44 | 000,032,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2009/05/13 20:26:14 | 000,015,896 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10hid.sys -- (X10Hid)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2765711
IE - HKCU\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaultthis.engineName: "AF-HSS Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2765711&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2765711&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2765711&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme [2011/07/11 17:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/29 18:40:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/22 09:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme [2011/07/11 17:46:38 | 000,000,000 | ---D | M]
 
[2011/07/04 22:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahel\AppData\Roaming\mozilla\Extensions
[2011/10/29 18:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahel\AppData\Roaming\mozilla\Firefox\Profiles\dzuyvt56.default\extensions
[2011/07/04 22:46:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Rahel\AppData\Roaming\mozilla\Firefox\Profiles\dzuyvt56.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/10/29 18:30:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Rahel\AppData\Roaming\mozilla\Firefox\Profiles\dzuyvt56.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/09 12:40:45 | 000,000,000 | ---D | M] (AF-HSS Community Toolbar) -- C:\Users\Rahel\AppData\Roaming\mozilla\Firefox\Profiles\dzuyvt56.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}
[2011/08/17 11:42:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rahel\AppData\Roaming\mozilla\Firefox\Profiles\dzuyvt56.default\extensions\engine@conduit.com
[2011/08/15 12:06:14 | 000,000,915 | ---- | M] () -- C:\Users\Rahel\AppData\Roaming\Mozilla\Firefox\Profiles\dzuyvt56.default\searchplugins\conduit.xml
[2011/10/29 18:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/07/04 22:30:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/08/17 11:39:33 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2011/07/11 17:46:38 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES (X86)\OBJECT\FACETHEME
() (No name found) -- C:\USERS\RAHEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DZUYVT56.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/25 00:41:10 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
[2011/09/29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rahel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files (x86)\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Musicnotes\npsibelius.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\Rahel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Facetheme) - {70C6E9DE-F30E-4A40-8A6F-9572C2328320} - C:\Program Files (x86)\Object\bho_project.dll (InternetEngine)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AF-HSS Toolbar) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AF-HSS Toolbar) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AF-HSS Toolbar) - {F0381DBD-E018-4E07-AE40-D96AB15083F0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Rahel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rahel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rahel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.21.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C98CD9E-06C7-4B36-AC4B-6E3E3B0E020D}: DhcpNameServer = 192.168.21.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86DD59FC-FF24-4A07-9C3E-C46AC9E7255C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4754720d-e6a4-11e0-ab55-bc773786d430}\Shell - "" = AutoRun
O33 - MountPoints2\{4754720d-e6a4-11e0-ab55-bc773786d430}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/11/06 01:12:14 | 000,000,000 | ---D | C] -- C:\Users\Rahel\AppData\Roaming\Malwarebytes
[2011/11/06 01:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/06 01:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/06 01:11:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/06 01:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/30 22:10:37 | 000,000,000 | RHSD | C] -- C:\Users\Rahel\M-1-52-5782-8752-5245
[2011/10/16 00:40:35 | 000,000,000 | ---D | C] -- C:\Users\Rahel\AppData\Local\{CE565496-1E42-4109-BF69-4FE4F0984267}
[2011/10/16 00:40:22 | 000,000,000 | ---D | C] -- C:\Users\Rahel\AppData\Local\{68C09071-77EE-4F41-A28E-14E45170BF5A}
[2011/10/12 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Rahel\AppData\Local\{2456D15B-49F3-4042-B1C1-3BA25D89B404}
[2011/10/12 22:16:10 | 000,000,000 | ---D | C] -- C:\Users\Rahel\AppData\Local\{CA95E92C-90AA-48BF-BD18-A924CDB0C13B}
[2011/10/11 20:43:22 | 000,000,000 | ---D | C] -- C:\Users\Rahel\AppData\Local\{96A09610-7CB1-4D15-B06F-A912D6EA871B}
[2011/10/11 20:43:07 | 000,000,000 | ---D | C] -- C:\Users\Rahel\AppData\Local\{E1BB39F9-4B72-4DE5-90C5-6643ABCF0CF3}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/11/06 01:16:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/06 01:12:00 | 000,000,000 | ---- | M] () -- C:\Users\Rahel\defogger_reenable
[2011/11/06 01:11:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/05 23:50:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/05 23:50:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/05 20:14:12 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/05 20:14:12 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/11/05 20:14:12 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/05 20:14:12 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/11/05 20:14:12 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/04 17:40:12 | 001,478,529 | ---- | M] () -- C:\Users\Rahel\Documents\Jugendrundbrief-November 2011.pdf
[2011/11/03 19:07:45 | 000,013,844 | ---- | M] () -- C:\Users\Rahel\Documents\FSJ Kasse.ods
[2011/10/29 18:45:47 | 000,020,779 | ---- | M] () -- C:\Users\Rahel\Documents\Wunschzettel.odt
[2011/10/29 18:40:12 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/29 09:22:59 | 000,002,715 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/25 09:41:15 | 000,048,280 | ---- | M] () -- C:\Users\Rahel\Documents\Rechnung Zahnschiene.pdf
[2011/10/15 10:44:35 | 000,069,972 | ---- | M] () -- C:\Users\Rahel\Documents\rahel-nvv.png
[2011/10/15 01:48:52 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/15 01:48:52 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/13 22:32:08 | 000,484,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/13 22:31:51 | 3148,091,392 | -HS- | M] () -- C:\hiberfil.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/11/06 01:12:00 | 000,000,000 | ---- | C] () -- C:\Users\Rahel\defogger_reenable
[2011/11/06 01:11:43 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 17:40:09 | 001,478,529 | ---- | C] () -- C:\Users\Rahel\Documents\Jugendrundbrief-November 2011.pdf
[2011/10/25 09:41:14 | 000,048,280 | ---- | C] () -- C:\Users\Rahel\Documents\Rechnung Zahnschiene.pdf
[2011/10/15 10:44:32 | 000,069,972 | ---- | C] () -- C:\Users\Rahel\Documents\rahel-nvv.png
[2011/09/25 11:23:00 | 000,003,004 | ---- | C] () -- C:\Users\Rahel\AppData\Roaming\FoilPresenter_XML.dat
[2011/07/11 18:03:30 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/07/11 17:47:14 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011/04/24 12:57:25 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011/04/24 12:57:24 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011/04/24 12:35:41 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/24 12:35:40 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/24 12:35:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002/03/17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL
 
========== LOP Check ==========
 
[2011/10/05 22:25:26 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\aborange
[2011/08/22 22:16:59 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\Amazon
[2011/07/04 17:47:52 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\Blender Foundation
[2011/07/04 20:26:56 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\Canneverbe Limited
[2011/08/22 22:05:09 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\DVDVideoSoft
[2011/07/04 22:46:01 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/07/09 23:10:47 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\gtk-2.0
[2011/08/22 22:32:25 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\ICQ
[2011/07/15 17:31:52 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\IrfanView
[2011/07/04 18:50:27 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\MAXON
[2011/07/04 20:31:01 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\Notepad++
[2011/07/11 17:46:59 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\OpenCandy
[2011/07/05 14:28:01 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\OpenOffice.org
[2011/09/24 18:37:42 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\SongBeamer
[2011/07/04 22:29:38 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\Thunderbird
[2011/07/21 13:03:55 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\TuneUpMedia
[2011/07/09 23:40:14 | 000,000,000 | ---D | M] -- C:\Users\Rahel\AppData\Roaming\Ulead Systems
[2009/07/14 06:08:49 | 000,020,712 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/07/04 16:57:25 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/07/04 16:49:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/08/17 11:41:57 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2011/07/04 19:18:06 | 000,000,000 | ---D | M] -- C:\InstantOnOS
[2011/04/24 12:37:17 | 000,000,000 | ---D | M] -- C:\Intel
[2011/08/11 04:54:22 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/11/06 01:11:36 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011/11/06 01:11:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/07/04 16:49:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/11/06 01:19:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/07/04 18:06:14 | 000,000,000 | ---D | M] -- C:\tmp2
[2011/07/04 18:31:03 | 000,000,000 | ---D | M] -- C:\tmp3
[2011/07/04 19:18:06 | 000,000,000 | R--D | M] -- C:\Users
[2011/07/11 17:51:45 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >
         
und Extras:

Code:
ATTFilter
OTL Extras logfile created on: 11/6/2011 1:13:49 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Rahel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 39.81% Memory free
7.82 Gb Paging File | 4.74 Gb Available in Paging File | 60.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657.54 Gb Total Space | 531.33 Gb Free Space | 80.81% Space Free | Partition Type: NTFS
Drive D: | 37.99 Gb Total Space | 16.02 Gb Free Space | 42.16% Space Free | Partition Type: NTFS
 
Computer Name: RAHEL-PC | User Name: Rahel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel(R) PROSet/Wireless WiFi Software
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}" = VR-pulse Installer
"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Blender" = Blender
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8A84AE-BCE5-E696-3DC2-D30BE2C7AA59}" = Versandhelfer
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.0.1) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"aborange Crypter_is1" = aborange Crypter - Deinstallation
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AF-HSS Toolbar" = AF-HSS Toolbar
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"conduitEngine" = Conduit Engine
"dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"facetheme" = Facetheme
"foilpresenter_is1" = foilpresenter 3.0.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"Google Chrome" = Google Chrome
"HotspotShield" = Hotspot Shield 2.06
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"Notepad++" = Notepad++
"SongBeamer_Setup_is1" = SongBeamer 4.13
"TuneUpMedia" = TuneUp Companion 2.1.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/15/2011 4:40:20 AM | Computer Name = Rahel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10/15/2011 4:40:20 AM | Computer Name = Rahel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10/15/2011 4:40:20 AM | Computer Name = Rahel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10/15/2011 4:40:20 AM | Computer Name = Rahel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10/15/2011 4:40:20 AM | Computer Name = Rahel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10/15/2011 4:40:20 AM | Computer Name = Rahel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10/15/2011 4:40:21 AM | Computer Name = Rahel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10/15/2011 4:40:21 AM | Computer Name = Rahel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10/16/2011 1:52:32 AM | Computer Name = Rahel-PC | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei  C:\Users\Rahel\Pictures\WDL
 2011\Patricia\SANY3453.JPG.   [ACCESS_VIOLATION Exception!! EIP = 0x14e3708]   Bitte
 Avira informieren und die obige Datei übersenden!
 
Error - 10/27/2011 4:40:39 AM | Computer Name = Rahel-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 10/20/2011 1:23:34 PM | Computer Name = Rahel-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 10/20/2011 1:23:49 PM | Computer Name = Rahel-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 10/20/2011 1:24:05 PM | Computer Name = Rahel-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 10/20/2011 1:24:25 PM | Computer Name = Rahel-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 10/20/2011 1:24:41 PM | Computer Name = Rahel-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 10/26/2011 5:48:31 PM | Computer Name = Rahel-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11/3/2011 2:19:14 PM | Computer Name = Rahel-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR24 
gefunden.
 
Error - 11/3/2011 2:19:15 PM | Computer Name = Rahel-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR24 
gefunden.
 
Error - 11/3/2011 2:19:15 PM | Computer Name = Rahel-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR24 
gefunden.
 
Error - 11/3/2011 2:19:16 PM | Computer Name = Rahel-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR24 
gefunden.
 
 
< End of report >
         
Achja, das Malware Programm Malwarebytes habe ich schon installiert.

Vielen Dank schonmal!

Liebe Grüße

Alt 06.11.2011, 10:43   #2
markusg
/// Malware-holic
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



hi, poste mal die genauen avira fund meldungen, sonst können wir dir nciht weiter helfen :-)
entweder, avira, ereignisse, falls guard meldungen, oder avira, berichte, falls die funde beim scan gab.
__________________

__________________

Alt 06.11.2011, 11:14   #3
LadyRed
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



Na gut, also hier der Report von Avira, Berichte:

Code:
ATTFilter
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 5. November 2011  13:04

Es wird nach 3480127 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : RAHEL-PC

Versionsinformationen:
BUILD.DAT      : 10.2.0.704     35934 Bytes  28.09.2011 13:14:00
AVSCAN.EXE     : 10.3.0.7      484008 Bytes  10.07.2011 21:17:07
AVSCAN.DLL     : 10.0.5.0       57192 Bytes  10.07.2011 21:17:07
LUKE.DLL       : 10.3.0.5       45416 Bytes  10.07.2011 21:17:07
LUKERES.DLL    : 10.0.0.0       13672 Bytes  14.01.2010 12:22:40
AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  10.07.2011 21:17:07
AVREG.DLL      : 10.3.0.9       88833 Bytes  12.07.2011 21:40:44
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 10:49:21
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 05:52:59
VBASE002.VDF   : 7.11.3.0     1950720 Bytes  09.02.2011 05:53:00
VBASE003.VDF   : 7.11.5.225   1980416 Bytes  07.04.2011 10:35:39
VBASE004.VDF   : 7.11.8.178   2354176 Bytes  31.05.2011 10:18:22
VBASE005.VDF   : 7.11.10.251  1788416 Bytes  07.07.2011 21:17:06
VBASE006.VDF   : 7.11.13.60   6411776 Bytes  16.08.2011 16:43:46
VBASE007.VDF   : 7.11.15.106  2389504 Bytes  05.10.2011 18:21:04
VBASE008.VDF   : 7.11.15.107     2048 Bytes  05.10.2011 18:21:05
VBASE009.VDF   : 7.11.15.108     2048 Bytes  05.10.2011 18:21:06
VBASE010.VDF   : 7.11.15.109     2048 Bytes  05.10.2011 18:21:07
VBASE011.VDF   : 7.11.15.110     2048 Bytes  05.10.2011 18:21:08
VBASE012.VDF   : 7.11.15.111     2048 Bytes  05.10.2011 18:21:09
VBASE013.VDF   : 7.11.15.144   161792 Bytes  07.10.2011 19:43:14
VBASE014.VDF   : 7.11.15.177   130048 Bytes  10.10.2011 11:35:46
VBASE015.VDF   : 7.11.15.213   113664 Bytes  11.10.2011 00:34:17
VBASE016.VDF   : 7.11.16.1     163328 Bytes  14.10.2011 00:34:17
VBASE017.VDF   : 7.11.16.34    187904 Bytes  18.10.2011 21:32:52
VBASE018.VDF   : 7.11.16.77    139264 Bytes  20.10.2011 13:33:26
VBASE019.VDF   : 7.11.16.112   162816 Bytes  24.10.2011 08:29:44
VBASE020.VDF   : 7.11.16.150   167424 Bytes  26.10.2011 21:32:36
VBASE021.VDF   : 7.11.16.187   171520 Bytes  28.10.2011 22:44:20
VBASE022.VDF   : 7.11.16.209   190976 Bytes  31.10.2011 14:26:27
VBASE023.VDF   : 7.11.16.243   158208 Bytes  02.11.2011 22:32:39
VBASE024.VDF   : 7.11.16.244     2048 Bytes  02.11.2011 22:32:39
VBASE025.VDF   : 7.11.16.245     2048 Bytes  02.11.2011 22:32:39
VBASE026.VDF   : 7.11.16.246     2048 Bytes  02.11.2011 22:32:40
VBASE027.VDF   : 7.11.16.247     2048 Bytes  02.11.2011 22:32:40
VBASE028.VDF   : 7.11.16.248     2048 Bytes  02.11.2011 22:32:40
VBASE029.VDF   : 7.11.16.249     2048 Bytes  02.11.2011 22:32:40
VBASE030.VDF   : 7.11.16.250     2048 Bytes  02.11.2011 22:32:40
VBASE031.VDF   : 7.11.17.14    107520 Bytes  04.11.2011 14:36:58
Engineversion  : 8.2.6.104 
AEVDF.DLL      : 8.1.2.2       106868 Bytes  25.10.2011 21:33:17
AESCRIPT.DLL   : 8.1.3.84      467324 Bytes  28.10.2011 22:44:48
AESCN.DLL      : 8.1.7.2       127349 Bytes  21.04.2011 05:52:28
AESBX.DLL      : 8.2.1.34      323957 Bytes  15.06.2011 22:54:00
AERDL.DLL      : 8.1.9.15      639348 Bytes  09.09.2011 14:13:45
AEPACK.DLL     : 8.2.13.3      684407 Bytes  25.10.2011 21:33:12
AEOFFICE.DLL   : 8.1.2.19      201084 Bytes  04.11.2011 14:39:01
AEHEUR.DLL     : 8.1.2.188    3801464 Bytes  04.11.2011 14:38:54
AEHELP.DLL     : 8.1.18.0      254327 Bytes  25.10.2011 21:32:47
AEGEN.DLL      : 8.1.5.11      401781 Bytes  25.10.2011 21:32:45
AEEMU.DLL      : 8.1.3.0       393589 Bytes  21.04.2011 05:52:17
AECORE.DLL     : 8.1.24.0      196983 Bytes  25.10.2011 21:32:42
AEBB.DLL       : 8.1.1.0        53618 Bytes  21.04.2011 05:52:16
AVWINLL.DLL    : 10.0.0.0       19304 Bytes  21.04.2011 05:52:39
AVPREF.DLL     : 10.0.3.2       44904 Bytes  10.07.2011 21:17:07
AVREP.DLL      : 10.0.0.10     174120 Bytes  10.07.2011 21:17:07
AVARKT.DLL     : 10.0.26.1     255336 Bytes  10.07.2011 21:17:06
AVEVTLOG.DLL   : 10.0.0.9      203112 Bytes  10.07.2011 21:17:06
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:59:50
AVSMTP.DLL     : 10.0.0.17      63848 Bytes  21.04.2011 05:52:38
NETNT.DLL      : 10.0.0.0       11624 Bytes  21.04.2011 05:52:50
RCIMAGE.DLL    : 10.0.0.35    2589544 Bytes  10.07.2011 21:17:06
RCTEXT.DLL     : 10.0.64.0      98664 Bytes  10.07.2011 21:17:06

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 5. November 2011  13:04

Der Suchlauf nach versteckten Objekten wird begonnen.
C:\Users\Rahel\M-1-52-5782-8752-5245\winsvc.exe
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0029\Linkage\upperbind
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\bind
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\route
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\export
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'winsvc.exe' - '67' Modul(e) wurden durchsucht
  Modul ist infiziert -> <C:\Users\Rahel\M-1-52-5782-8752-5245\winsvc.exe>
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
  [HINWEIS]   Prozess 'winsvc.exe' wurde beendet
  [HINWEIS]   Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1281035326-3475031109-204910716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update> wurde erfolgreich repariert.
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a5488cc.qua' verschoben!
Durchsuche Prozess 'plugin-container.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUpdater.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '222' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpntray.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WisLMSvc.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'WButton.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'OSD.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotkeyApp.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTPlayerCtrl.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'x10nets.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsswd.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsssrv.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpnas.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'UMVPFSrv.exe' - '24' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Users\Rahel\M-1-52-5782-8752-5245\winsvc.exe
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
  [HINWEIS]   Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
  [HINWEIS]   Die Datei existiert nicht!

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Boot>
C:\Users\Rahel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJQ6RG30\r[1].exe
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Rahel\AppData\Local\Mozilla\Firefox\Profiles\dzuyvt56.default\Cache\C\04\53DB3d01
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/iFrame.HH
C:\Users\Rahel\AppData\Local\Temp\66063.exe
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Rahel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\40a44ad0-7c3f5549
  [0] Archivtyp: ZIP
  --> buildService/MapYandex.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.AH
  --> buildService/VirtualTable.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AN
Beginne mit der Suche in 'D:\' <Recover>

Beginne mit der Desinfektion:
C:\Users\Rahel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\40a44ad0-7c3f5549
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AN
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00a919d3.qua' verschoben!
C:\Users\Rahel\AppData\Local\Temp\66063.exe
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '676d561b.qua' verschoben!
C:\Users\Rahel\AppData\Local\Mozilla\Firefox\Profiles\dzuyvt56.default\Cache\C\04\53DB3d01
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/iFrame.HH
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '22f57b2a.qua' verschoben!
C:\Users\Rahel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJQ6RG30\r[1].exe
  [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5df149a3.qua' verschoben!


Ende des Suchlaufs: Sonntag, 6. November 2011  00:52
Benötigte Zeit: 11:42:04 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  35809 Verzeichnisse wurden überprüft
 990305 Dateien wurden geprüft
      7 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      5 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 990298 Dateien ohne Befall
   9560 Archive wurden durchsucht
      0 Warnungen
     10 Hinweise
 506734 Objekte wurden beim Rootkitscan durchsucht
      4 Versteckte Objekte wurden gefunden
         
Folgenes steht bei Avira unter Ereignisse:

Zitat:
Die Datei 'C:\Users\Rahel\AppData\Local\Temp\66063.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '676d561b.qua' verschoben!

Die Datei 'C:\Users\Rahel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\40a44ad0-7c3f5549'
enthielt einen Virus oder unerwünschtes Programm 'EXP/2010-0840.AN' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00a919d3.qua' verschoben!

Die Datei 'C:\Users\Rahel\AppData\Local\Mozilla\Firefox\Profiles\dzuyvt56.default\Cache\C\04\53DB3d01'
enthielt einen Virus oder unerwünschtes Programm 'JS/iFrame.HH' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '22f57b2a.qua' verschoben!

Die Datei 'C:\Users\Rahel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJQ6RG30\r[1].exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5df149a3.qua' verschoben!

Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 990305
Anzahl Verzeichnisse: 35809
Anzahl Malware: 7
Anzahl Warnungen: 0
Braucht ihr noch was?

Gruß
__________________

Alt 06.11.2011, 14:29   #4
markusg
/// Malware-holic
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.11.2011, 23:36   #5
LadyRed
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



Ich bin so froh, dass ich hier Hilfe bekomme... Vielen Dank!

Hier der Log von Combofix:
Code:
ATTFilter
ComboFix 11-11-06.02 - Rahel 06.11.2011  23:42:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4003.2491 [GMT 1:00]
ausgeführt von:: c:\users\Rahel\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Object
c:\program files (x86)\Object\bho_project.dll
c:\program files (x86)\Object\ChromeAddon.pem
c:\program files (x86)\Object\chromeaddon\._included.js
c:\program files (x86)\Object\chromeaddon\background.html
c:\program files (x86)\Object\chromeaddon\included.js
c:\program files (x86)\Object\chromeaddon\manifest.json
c:\program files (x86)\Object\config.ini
c:\program files (x86)\Object\facetheme\build.sh
c:\program files (x86)\Object\facetheme\chrome.manifest
c:\program files (x86)\Object\facetheme\config_build.sh
c:\program files (x86)\Object\facetheme\content\.DS_Store
c:\program files (x86)\Object\facetheme\content\firefoxOverlay.xul
c:\program files (x86)\Object\facetheme\content\installid.js
c:\program files (x86)\Object\facetheme\content\overlay.js
c:\program files (x86)\Object\facetheme\content\sudoku.js
c:\program files (x86)\Object\facetheme\defaults\.DS_Store
c:\program files (x86)\Object\facetheme\defaults\preferences\._sudoku.js
c:\program files (x86)\Object\facetheme\defaults\preferences\.DS_Store
c:\program files (x86)\Object\facetheme\defaults\preferences\sudoku.js
c:\program files (x86)\Object\facetheme\files
c:\program files (x86)\Object\facetheme\install.rdf
c:\program files (x86)\Object\facetheme\locale\.DS_Store
c:\program files (x86)\Object\facetheme\locale\en-US\.DS_Store
c:\program files (x86)\Object\facetheme\locale\en-US\sudoku.dtd
c:\program files (x86)\Object\facetheme\locale\en-US\sudoku.properties
c:\program files (x86)\Object\facetheme\readme.txt
c:\program files (x86)\Object\facetheme\skin\overlay.css
c:\program files (x86)\Object\facetheme_uninstall.exe
c:\program files (x86)\Object\status.txt
c:\program files (x86)\Object\status2.txt
c:\programdata\Roaming
c:\windows\UA000096.DLL
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-06 bis 2011-11-06  ))))))))))))))))))))))))))))))
.
.
2011-11-06 23:00 . 2011-11-06 23:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-06 00:12 . 2011-11-06 00:12	--------	d-----w-	c:\users\Rahel\AppData\Roaming\Malwarebytes
2011-11-06 00:11 . 2011-11-06 00:11	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-06 00:11 . 2011-11-06 00:11	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-06 00:11 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-30 21:10 . 2011-11-05 12:12	--------	d-sh--r-	c:\users\Rahel\M-1-52-5782-8752-5245
2011-10-12 21:54 . 2011-09-06 03:03	3138048	----a-w-	c:\windows\system32\win32k.sys
2011-10-12 21:54 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-12 21:54 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-12 21:54 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-10-12 21:54 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-10-12 21:54 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-12 21:54 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-10-12 21:54 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-10-12 21:54 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 23:13 . 2011-08-11 23:13	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files (x86)\AF-HSS\tbAF-H.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26	3908192	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
2010-10-18 10:26	3908192	----a-w-	c:\program files (x86)\AF-HSS\tbAF-H.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files (x86)\AF-HSS\tbAF-H.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2010-12-15 207400]
"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2010-06-21 436264]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Rahel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-7-4 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 136176]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 136176]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 mod7764;Tv Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-04 340240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 15:51]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 15:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-05-24 23:41	287048	----a-w-	c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-28 2207848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-02-11 10361616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2765711
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Rahel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.21.1
FF - ProfilePath - c:\users\Rahel\AppData\Roaming\Mozilla\Firefox\Profiles\dzuyvt56.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2765711&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2765711&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2765711&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-LMgrOSD - c:\program files (x86)\Launch Manager\OSDCtrl.exe
WebBrowser-{F0381DBD-E018-4E07-AE40-D96AB15083F0} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-facetheme - c:\program files (x86)\Object\facetheme_uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-07  00:39:09
ComboFix-quarantined-files.txt  2011-11-06 23:39
.
Vor Suchlauf: 10 Verzeichnis(se), 573.259.526.144 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 575.306.739.712 Bytes frei
.
- - End Of File - - 437AD9C42EC01757FBE4A3626BD264A5
         
Und nun?


Alt 07.11.2011, 11:15   #6
markusg
/// Malware-holic
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



start suchen, tippe
editor
enter
kopiere rein:

killall::
Rootkit::
Folder::
c:\users\Rahel\M-1-52-5782-8752-5245


datei speichern unter, typ alle dateien, ort, dort wo sich combofix.exe befindet, name:
cfscript.txt

jetzt bitte alle programme die du offen hast, ausschalten, auch avira guard, rechtsklick, deaktivieren.
schalte auch alle programme im systray, dort wo sich die uhr befindet, aus.
geht meist über rechtsklick, deaktivieren bzw beenden.
nun ziehe cfscript.txt auf combofix, programm startet, log posten
__________________
--> Infiziert mit TR/Dropper.Gen - Hilfe!

Alt 07.11.2011, 13:11   #7
LadyRed
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



Combifix ist fertig ich habe alles nach Anleitung gemacht. Nun kann ich leider keinerlei Verknüpfungen auf dem Desktop etc. mehr öffnen.
Es kommt immer die Meldung "c:\Program Files (x86)\Mozilla Firefox\firefox.exe Es wurde versucht ein Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde."
Und die Log-Datei finde ich gerade auch nicht suche sie aber.
Im prinzip kann ich fast nichts mehr machen, schreibe jetzt von einem anderen PC aus

EDIT: Über Tastenkombinationen lassen sich alle Programme öffnen, zB über den Taskmanager (Neuer Task(Ausführen...))
Die Log-Datei habe ich gefunden, lässt sich allerdings unter der obenstehenden Meldung nicht öffnen. Ich hänge sie an!

Code:
ATTFilter
ComboFix 11-11-06.02 - Rahel 07.11.2011  13:28:00.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4003.2465 [GMT 1:00]
ausgeführt von:: c:\users\Rahel\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Rahel\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rahel\M-1-52-5782-8752-5245
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-07 bis 2011-11-07  ))))))))))))))))))))))))))))))
.
.
2011-11-07 12:36 . 2011-11-07 12:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-06 00:12 . 2011-11-06 00:12	--------	d-----w-	c:\users\Rahel\AppData\Roaming\Malwarebytes
2011-11-06 00:11 . 2011-11-06 00:11	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-06 00:11 . 2011-11-06 00:11	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-06 00:11 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-12 21:54 . 2011-09-06 03:03	3138048	----a-w-	c:\windows\system32\win32k.sys
2011-10-12 21:54 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-12 21:54 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-12 21:54 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-10-12 21:54 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-10-12 21:54 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-12 21:54 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-10-12 21:54 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-10-12 21:54 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 23:13 . 2011-08-11 23:13	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-06_23.02.12   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-06 22:32	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-07 12:37	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-06 22:32	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-07 12:37	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-06 22:32	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-07 12:37	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-11-07 12:26	33408              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2011-11-07 12:45	93232              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-07-09 00:57 . 2011-11-07 11:39	4798              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-07-09 00:57 . 2011-10-13 21:31	4798              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-07-04 15:59 . 2011-11-07 12:26	7952              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1281035326-3475031109-204910716-1000_UserData.bin
+ 2011-04-23 22:38 . 2011-11-07 12:36	4725              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-04-23 22:38 . 2011-10-13 21:31	4725              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-10-13 21:32 . 2011-10-13 21:32	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-07 12:37 . 2011-11-07 12:37	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-07 12:37 . 2011-11-07 12:37	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-13 21:32 . 2011-10-13 21:32	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-05 08:32 . 2011-11-07 08:01	307002              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2011-07-05 08:32 . 2011-11-06 11:13	307002              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-07-05 09:25 . 2011-11-07 12:59	302310              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-11-07 12:42	616008              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-05 19:14	616008              c:\windows\system32\perfh009.dat
+ 2011-04-23 23:02 . 2011-11-07 12:42	654166              c:\windows\system32\perfh007.dat
- 2011-04-23 23:02 . 2011-11-05 19:14	654166              c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2011-11-05 19:14	106388              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-07 12:42	106388              c:\windows\system32\perfc009.dat
+ 2011-04-23 23:02 . 2011-11-07 12:42	130006              c:\windows\system32\perfc007.dat
- 2011-04-23 23:02 . 2011-11-05 19:14	130006              c:\windows\system32\perfc007.dat
+ 2011-07-04 19:55 . 2011-11-07 11:39	979192              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-10-13 21:31	354208              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-07 12:36	354208              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2011-11-07 11:43	7188300              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-13 21:35	7188300              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 02:34 . 2011-11-07 11:39	10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-10-13 21:31	10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-07-04 16:16 . 2011-11-07 12:36	28795212              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1281035326-3475031109-204910716-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files (x86)\AF-HSS\tbAF-H.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26	3908192	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
2010-10-18 10:26	3908192	----a-w-	c:\program files (x86)\AF-HSS\tbAF-H.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files (x86)\AF-HSS\tbAF-H.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2010-12-15 207400]
"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2010-06-21 436264]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
.
c:\users\Rahel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-7-4 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 136176]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 mod7764;Tv Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-04 340240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 15:51]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-04 15:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-28 2207848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-02-11 10361616]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2765711
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Rahel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.21.1
FF - ProfilePath - c:\users\Rahel\AppData\Roaming\Mozilla\Firefox\Profiles\dzuyvt56.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2765711&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2765711&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2765711&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Sidebar - c:\program files\Windows Sidebar\sidebar.exe
WebBrowser-{F0381DBD-E018-4E07-AE40-D96AB15083F0} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\progra~2\COMMON~1\X10\Common\x10nets.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-07  14:03:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-07 13:03
ComboFix2.txt  2011-11-06 23:39
.
Vor Suchlauf: 12 Verzeichnis(se), 574.529.368.064 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 574.108.745.728 Bytes frei
.
- - End Of File - - 9DFBCB8ECB3323968170DB268EB05B67
         
Ein weiterer Zusatz: Habe die Datei nachdem ich sie hier hochgeladen habe nochmal runtergeladen und dann konnte ich sie mir ganz normal anschauen, daher ist sie jetzt direkt im Beitrag...
Angehängte Dateien
Dateityp: txt log.txt (23,4 KB, 220x aufgerufen)

Geändert von LadyRed (07.11.2011 um 13:22 Uhr)

Alt 07.11.2011, 14:27   #8
markusg
/// Malware-holic
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



starte mal neu, dann kannst du wieder alle programme öffnen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.11.2011, 14:33   #9
LadyRed
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



Super, danke, da bin ich ja erleichtert.
Dachte schon ich hätte irgendwas am System geschrottet.

Wieweit bin ich jetzt mit der Bereinigung von den Viren?

Alt 07.11.2011, 14:43   #10
markusg
/// Malware-holic
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



sieht erst mal gut aus.
http://www.trojaner-board.de/82358-t...entfernen.html
tdss killer nutzen, nichts löschen nur das log posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.11.2011, 14:54   #11
LadyRed
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



Hat glaube ich nichts gefunden...


Code:
ATTFilter
15:57:41.0278 3648	TDSS rootkit removing tool 2.6.16.0 Nov  7 2011 16:26:51
15:57:41.0574 3648	============================================================
15:57:41.0574 3648	Current date / time: 2011/11/07 15:57:41.0574
15:57:41.0574 3648	SystemInfo:
15:57:41.0574 3648	
15:57:41.0574 3648	OS Version: 6.1.7601 ServicePack: 1.0
15:57:41.0574 3648	Product type: Workstation
15:57:41.0574 3648	ComputerName: RAHEL-PC
15:57:41.0574 3648	UserName: Rahel
15:57:41.0574 3648	Windows directory: C:\Windows
15:57:41.0574 3648	System windows directory: C:\Windows
15:57:41.0574 3648	Running under WOW64
15:57:41.0574 3648	Processor architecture: Intel x64
15:57:41.0574 3648	Number of processors: 4
15:57:41.0574 3648	Page size: 0x1000
15:57:41.0574 3648	Boot type: Normal boot
15:57:41.0574 3648	============================================================
15:57:42.0260 3648	Initialize success
15:57:46.0067 5460	============================================================
15:57:46.0067 5460	Scan started
15:57:46.0067 5460	Mode: Manual; 
15:57:46.0067 5460	============================================================
15:57:47.0143 5460	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:57:47.0143 5460	1394ohci - ok
15:57:47.0330 5460	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:57:47.0330 5460	ACPI - ok
15:57:47.0424 5460	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:57:47.0424 5460	AcpiPmi - ok
15:57:47.0518 5460	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:57:47.0533 5460	adp94xx - ok
15:57:47.0658 5460	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:57:47.0658 5460	adpahci - ok
15:57:47.0767 5460	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:57:47.0767 5460	adpu320 - ok
15:57:47.0876 5460	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:57:47.0892 5460	AFD - ok
15:57:48.0001 5460	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:57:48.0001 5460	agp440 - ok
15:57:48.0266 5460	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:57:48.0266 5460	aliide - ok
15:57:48.0376 5460	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:57:48.0376 5460	amdide - ok
15:57:48.0469 5460	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:57:48.0469 5460	AmdK8 - ok
15:57:48.0563 5460	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:57:48.0563 5460	AmdPPM - ok
15:57:48.0672 5460	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:57:48.0688 5460	amdsata - ok
15:57:48.0797 5460	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:57:48.0797 5460	amdsbs - ok
15:57:48.0906 5460	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:57:48.0906 5460	amdxata - ok
15:57:49.0031 5460	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:57:49.0031 5460	AppID - ok
15:57:49.0171 5460	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:57:49.0171 5460	arc - ok
15:57:49.0280 5460	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:57:49.0280 5460	arcsas - ok
15:57:49.0374 5460	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:57:49.0374 5460	AsyncMac - ok
15:57:49.0499 5460	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:57:49.0499 5460	atapi - ok
15:57:49.0624 5460	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
15:57:49.0639 5460	avgntflt - ok
15:57:49.0748 5460	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
15:57:49.0748 5460	avipbb - ok
15:57:49.0873 5460	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:57:49.0873 5460	b06bdrv - ok
15:57:49.0982 5460	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:57:49.0982 5460	b57nd60a - ok
15:57:50.0076 5460	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:57:50.0076 5460	Beep - ok
15:57:50.0185 5460	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
15:57:50.0185 5460	blbdrive - ok
15:57:50.0310 5460	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:57:50.0310 5460	bowser - ok
15:57:50.0419 5460	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:57:50.0419 5460	BrFiltLo - ok
15:57:50.0497 5460	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:57:50.0497 5460	BrFiltUp - ok
15:57:50.0606 5460	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:57:50.0622 5460	Brserid - ok
15:57:50.0716 5460	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:57:50.0716 5460	BrSerWdm - ok
15:57:50.0809 5460	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:57:50.0809 5460	BrUsbMdm - ok
15:57:50.0903 5460	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:57:50.0903 5460	BrUsbSer - ok
15:57:51.0012 5460	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:57:51.0012 5460	BthEnum - ok
15:57:51.0106 5460	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:57:51.0121 5460	BTHMODEM - ok
15:57:51.0230 5460	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:57:51.0246 5460	BthPan - ok
15:57:51.0355 5460	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:57:51.0371 5460	BTHPORT - ok
15:57:51.0480 5460	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:57:51.0480 5460	BTHUSB - ok
15:57:51.0589 5460	btmaudio        (8652c1572157bfa7e86ee41cb729eb46) C:\Windows\system32\drivers\btmaud.sys
15:57:51.0589 5460	btmaudio - ok
15:57:51.0683 5460	btmaux          (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys
15:57:51.0683 5460	btmaux - ok
15:57:51.0808 5460	btmhsf          (0010a54571f525a97eed8c091e96eaa9) C:\Windows\system32\DRIVERS\btmhsf.sys
15:57:51.0808 5460	btmhsf - ok
15:57:51.0823 5460	catchme - ok
15:57:51.0917 5460	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:57:51.0917 5460	cdfs - ok
15:57:52.0010 5460	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:57:52.0026 5460	cdrom - ok
15:57:52.0135 5460	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:57:52.0135 5460	circlass - ok
15:57:52.0213 5460	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:57:52.0213 5460	CLFS - ok
15:57:52.0322 5460	clwvd           (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
15:57:52.0322 5460	clwvd - ok
15:57:52.0432 5460	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:57:52.0432 5460	CmBatt - ok
15:57:52.0510 5460	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:57:52.0510 5460	cmdide - ok
15:57:52.0603 5460	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:57:52.0619 5460	CNG - ok
15:57:52.0712 5460	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:57:52.0712 5460	Compbatt - ok
15:57:52.0837 5460	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:57:52.0837 5460	CompositeBus - ok
15:57:52.0946 5460	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:57:52.0946 5460	crcdisk - ok
15:57:53.0087 5460	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:57:53.0087 5460	DfsC - ok
15:57:53.0212 5460	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:57:53.0212 5460	discache - ok
15:57:53.0321 5460	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:57:53.0321 5460	Disk - ok
15:57:53.0430 5460	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:57:53.0446 5460	drmkaud - ok
15:57:53.0555 5460	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:57:53.0570 5460	DXGKrnl - ok
15:57:53.0742 5460	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:57:53.0836 5460	ebdrv - ok
15:57:53.0960 5460	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:57:53.0976 5460	elxstor - ok
15:57:54.0070 5460	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:57:54.0070 5460	ErrDev - ok
15:57:54.0210 5460	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:57:54.0210 5460	exfat - ok
15:57:54.0288 5460	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:57:54.0304 5460	fastfat - ok
15:57:54.0397 5460	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:57:54.0397 5460	fdc - ok
15:57:54.0491 5460	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:57:54.0491 5460	FileInfo - ok
15:57:54.0569 5460	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:57:54.0569 5460	Filetrace - ok
15:57:54.0662 5460	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:57:54.0662 5460	flpydisk - ok
15:57:54.0756 5460	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:57:54.0756 5460	FltMgr - ok
15:57:54.0865 5460	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:57:54.0865 5460	FsDepends - ok
15:57:54.0959 5460	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:57:54.0959 5460	Fs_Rec - ok
15:57:55.0052 5460	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:57:55.0052 5460	fvevol - ok
15:57:55.0177 5460	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:57:55.0177 5460	gagp30kx - ok
15:57:55.0286 5460	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:57:55.0286 5460	GEARAspiWDM - ok
15:57:55.0411 5460	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:57:55.0411 5460	hcw85cir - ok
15:57:55.0520 5460	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:57:55.0520 5460	HdAudAddService - ok
15:57:55.0630 5460	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:57:55.0630 5460	HDAudBus - ok
15:57:55.0708 5460	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:57:55.0708 5460	HidBatt - ok
15:57:55.0801 5460	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:57:55.0801 5460	HidBth - ok
15:57:55.0864 5460	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:57:55.0864 5460	HidIr - ok
15:57:55.0988 5460	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:57:55.0988 5460	HidUsb - ok
15:57:56.0113 5460	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:57:56.0113 5460	HpSAMD - ok
15:57:56.0254 5460	HssDrv          (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
15:57:56.0254 5460	HssDrv - ok
15:57:56.0410 5460	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:57:56.0425 5460	HTTP - ok
15:57:56.0503 5460	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:57:56.0519 5460	hwpolicy - ok
15:57:56.0612 5460	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:57:56.0612 5460	i8042prt - ok
15:57:56.0722 5460	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
15:57:56.0737 5460	iaStor - ok
15:57:56.0846 5460	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:57:56.0862 5460	iaStorV - ok
15:57:56.0940 5460	iBtFltCoex      (50b8ab6013ef9970ac85fdba0f622300) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
15:57:56.0940 5460	iBtFltCoex - ok
15:57:57.0377 5460	igfx            (370c2a8629b30f910f740387795ddc6f) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:57:57.0689 5460	igfx - ok
15:57:57.0798 5460	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:57:57.0798 5460	iirsp - ok
15:57:57.0907 5460	intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
15:57:57.0907 5460	intaud_WaveExtensible - ok
15:57:58.0079 5460	IntcAzAudAddService (177b4e48c7a288e70779b42ab81d2d06) C:\Windows\system32\drivers\RTKVHD64.sys
15:57:58.0141 5460	IntcAzAudAddService - ok
15:57:58.0250 5460	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:57:58.0250 5460	IntcDAud - ok
15:57:58.0328 5460	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:57:58.0328 5460	intelide - ok
15:57:58.0406 5460	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:57:58.0406 5460	intelppm - ok
15:57:58.0531 5460	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:57:58.0531 5460	IpFilterDriver - ok
15:57:58.0609 5460	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:57:58.0609 5460	IPMIDRV - ok
15:57:58.0718 5460	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:57:58.0718 5460	IPNAT - ok
15:57:58.0812 5460	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:57:58.0812 5460	IRENUM - ok
15:57:58.0906 5460	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:57:58.0906 5460	isapnp - ok
15:57:59.0015 5460	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:57:59.0015 5460	iScsiPrt - ok
15:57:59.0124 5460	iwdbus          (716f66336f10885d935b08174dc54242) C:\Windows\system32\drivers\iwdbus.sys
15:57:59.0140 5460	iwdbus - ok
15:57:59.0218 5460	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:57:59.0218 5460	kbdclass - ok
15:57:59.0311 5460	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:57:59.0311 5460	kbdhid - ok
15:57:59.0405 5460	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:57:59.0405 5460	KSecDD - ok
15:57:59.0483 5460	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:57:59.0498 5460	KSecPkg - ok
15:57:59.0592 5460	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:57:59.0592 5460	ksthunk - ok
15:57:59.0686 5460	L1C             (6dd5383c9413aae3113faf89e345663d) C:\Windows\system32\DRIVERS\L1C62x64.sys
15:57:59.0686 5460	L1C - ok
15:57:59.0810 5460	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:57:59.0810 5460	lltdio - ok
15:57:59.0935 5460	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:57:59.0935 5460	LSI_FC - ok
15:58:00.0044 5460	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:58:00.0044 5460	LSI_SAS - ok
15:58:00.0138 5460	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:58:00.0138 5460	LSI_SAS2 - ok
15:58:00.0232 5460	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:58:00.0247 5460	LSI_SCSI - ok
15:58:00.0325 5460	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:58:00.0341 5460	luafv - ok
15:58:00.0450 5460	LVRS64          (ef586b959f747e74c76603ff16ae417b) C:\Windows\system32\DRIVERS\lvrs64.sys
15:58:00.0466 5460	LVRS64 - ok
15:58:00.0684 5460	LVUVC64         (edf73bfa1bd24d74d1d64dc0ed28a7cd) C:\Windows\system32\DRIVERS\lvuvc64.sys
15:58:00.0809 5460	LVUVC64 - ok
15:58:00.0902 5460	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:58:00.0918 5460	megasas - ok
15:58:01.0012 5460	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:58:01.0012 5460	MegaSR - ok
15:58:01.0105 5460	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
15:58:01.0121 5460	MEIx64 - ok
15:58:01.0261 5460	mod7764         (97b041bb78636edc0a7b0ab68c98eb9b) C:\Windows\system32\DRIVERS\mod77-64.sys
15:58:01.0277 5460	mod7764 - ok
15:58:01.0370 5460	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:58:01.0370 5460	Modem - ok
15:58:01.0464 5460	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:58:01.0480 5460	monitor - ok
15:58:01.0573 5460	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:58:01.0589 5460	mouclass - ok
15:58:01.0682 5460	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:58:01.0682 5460	mouhid - ok
15:58:01.0760 5460	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:58:01.0776 5460	mountmgr - ok
15:58:01.0854 5460	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:58:01.0854 5460	mpio - ok
15:58:01.0948 5460	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:58:01.0948 5460	mpsdrv - ok
15:58:02.0041 5460	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:58:02.0041 5460	MRxDAV - ok
15:58:02.0135 5460	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:58:02.0150 5460	mrxsmb - ok
15:58:02.0244 5460	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:58:02.0244 5460	mrxsmb10 - ok
15:58:02.0338 5460	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:58:02.0338 5460	mrxsmb20 - ok
15:58:02.0431 5460	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:58:02.0431 5460	msahci - ok
15:58:02.0525 5460	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:58:02.0525 5460	msdsm - ok
15:58:02.0634 5460	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:58:02.0634 5460	Msfs - ok
15:58:02.0743 5460	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:58:02.0743 5460	mshidkmdf - ok
15:58:02.0837 5460	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:58:02.0837 5460	msisadrv - ok
15:58:02.0946 5460	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:58:02.0962 5460	MSKSSRV - ok
15:58:03.0040 5460	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:58:03.0040 5460	MSPCLOCK - ok
15:58:03.0149 5460	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:58:03.0149 5460	MSPQM - ok
15:58:03.0242 5460	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:58:03.0258 5460	MsRPC - ok
15:58:03.0336 5460	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:58:03.0336 5460	mssmbios - ok
15:58:03.0445 5460	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:58:03.0445 5460	MSTEE - ok
15:58:03.0523 5460	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:58:03.0539 5460	MTConfig - ok
15:58:03.0617 5460	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:58:03.0617 5460	Mup - ok
15:58:03.0757 5460	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:58:03.0757 5460	NativeWifiP - ok
15:58:03.0882 5460	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:58:03.0898 5460	NDIS - ok
15:58:04.0007 5460	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:58:04.0007 5460	NdisCap - ok
15:58:04.0116 5460	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:58:04.0116 5460	NdisTapi - ok
15:58:04.0225 5460	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:58:04.0225 5460	Ndisuio - ok
15:58:04.0319 5460	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:58:04.0334 5460	NdisWan - ok
15:58:04.0428 5460	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:58:04.0428 5460	NDProxy - ok
15:58:04.0537 5460	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:58:04.0537 5460	NetBIOS - ok
15:58:04.0631 5460	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:58:04.0631 5460	NetBT - ok
15:58:05.0005 5460	NETwNs64        (2b26c8a6b4fb519e1849101a10e6c68d) C:\Windows\system32\DRIVERS\NETwNs64.sys
15:58:05.0270 5460	NETwNs64 - ok
15:58:05.0380 5460	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:58:05.0380 5460	nfrd960 - ok
15:58:05.0489 5460	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:58:05.0489 5460	Npfs - ok
15:58:05.0567 5460	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:58:05.0567 5460	nsiproxy - ok
15:58:05.0692 5460	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:58:05.0738 5460	Ntfs - ok
15:58:05.0816 5460	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:58:05.0816 5460	Null - ok
15:58:05.0926 5460	nusb3hub        (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\drivers\nusb3hub.sys
15:58:05.0926 5460	nusb3hub - ok
15:58:06.0019 5460	nusb3xhc        (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\drivers\nusb3xhc.sys
15:58:06.0035 5460	nusb3xhc - ok
15:58:06.0128 5460	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:58:06.0128 5460	nvraid - ok
15:58:06.0253 5460	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:58:06.0253 5460	nvstor - ok
15:58:06.0331 5460	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:58:06.0347 5460	nv_agp - ok
15:58:06.0425 5460	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:58:06.0425 5460	ohci1394 - ok
15:58:06.0519 5460	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:58:06.0534 5460	Parport - ok
15:58:06.0612 5460	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:58:06.0612 5460	partmgr - ok
15:58:06.0706 5460	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:58:06.0706 5460	pci - ok
15:58:06.0799 5460	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:58:06.0799 5460	pciide - ok
15:58:06.0877 5460	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:58:06.0893 5460	pcmcia - ok
15:58:06.0971 5460	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:58:06.0971 5460	pcw - ok
15:58:07.0065 5460	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:58:07.0080 5460	PEAUTH - ok
15:58:07.0252 5460	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:58:07.0252 5460	PptpMiniport - ok
15:58:07.0330 5460	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:58:07.0330 5460	Processor - ok
15:58:07.0423 5460	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:58:07.0423 5460	Psched - ok
15:58:07.0579 5460	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:58:07.0611 5460	ql2300 - ok
15:58:07.0720 5460	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:58:07.0720 5460	ql40xx - ok
15:58:07.0813 5460	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:58:07.0813 5460	QWAVEdrv - ok
15:58:07.0907 5460	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:58:07.0907 5460	RasAcd - ok
15:58:08.0001 5460	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:58:08.0001 5460	RasAgileVpn - ok
15:58:08.0094 5460	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:58:08.0110 5460	Rasl2tp - ok
15:58:08.0203 5460	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:58:08.0203 5460	RasPppoe - ok
15:58:08.0313 5460	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:58:08.0313 5460	RasSstp - ok
15:58:08.0406 5460	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:58:08.0406 5460	rdbss - ok
15:58:08.0500 5460	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:58:08.0500 5460	rdpbus - ok
15:58:08.0593 5460	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:58:08.0593 5460	RDPCDD - ok
15:58:08.0671 5460	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:58:08.0687 5460	RDPENCDD - ok
15:58:08.0765 5460	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:58:08.0765 5460	RDPREFMP - ok
15:58:08.0843 5460	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:58:08.0859 5460	RDPWD - ok
15:58:08.0937 5460	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:58:08.0952 5460	rdyboost - ok
15:58:09.0077 5460	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:58:09.0077 5460	RFCOMM - ok
15:58:09.0202 5460	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:58:09.0202 5460	rspndr - ok
15:58:09.0311 5460	RSUSBVSTOR      (ce0a1d8a59410e698140821e4e69da0d) C:\Windows\System32\Drivers\RtsUVStor.sys
15:58:09.0327 5460	RSUSBVSTOR - ok
15:58:09.0405 5460	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:58:09.0405 5460	sbp2port - ok
15:58:09.0483 5460	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:58:09.0498 5460	scfilter - ok
15:58:09.0607 5460	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:58:09.0607 5460	secdrv - ok
15:58:09.0701 5460	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:58:09.0701 5460	Serenum - ok
15:58:09.0795 5460	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:58:09.0810 5460	Serial - ok
15:58:09.0888 5460	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:58:09.0888 5460	sermouse - ok
15:58:09.0997 5460	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:58:09.0997 5460	sffdisk - ok
15:58:10.0075 5460	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:58:10.0075 5460	sffp_mmc - ok
15:58:10.0185 5460	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:58:10.0185 5460	sffp_sd - ok
15:58:10.0278 5460	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:58:10.0278 5460	sfloppy - ok
15:58:10.0403 5460	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:58:10.0403 5460	SiSRaid2 - ok
15:58:10.0481 5460	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:58:10.0481 5460	SiSRaid4 - ok
15:58:10.0559 5460	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:58:10.0559 5460	Smb - ok
15:58:10.0668 5460	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:58:10.0668 5460	spldr - ok
15:58:10.0777 5460	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:58:10.0793 5460	srv - ok
15:58:10.0902 5460	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:58:10.0902 5460	srv2 - ok
15:58:11.0011 5460	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:58:11.0011 5460	srvnet - ok
15:58:11.0136 5460	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:58:11.0136 5460	stexstor - ok
15:58:11.0230 5460	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:58:11.0230 5460	swenum - ok
15:58:11.0355 5460	SynTP           (b3ad15fa10ebeafc1275f34050e4e230) C:\Windows\system32\drivers\SynTP.sys
15:58:11.0386 5460	SynTP - ok
15:58:11.0526 5460	taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
15:58:11.0526 5460	taphss - ok
15:58:11.0682 5460	Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
15:58:11.0729 5460	Tcpip - ok
15:58:11.0885 5460	TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
15:58:11.0916 5460	TCPIP6 - ok
15:58:12.0010 5460	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:58:12.0010 5460	tcpipreg - ok
15:58:12.0088 5460	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:58:12.0088 5460	TDPIPE - ok
15:58:12.0150 5460	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:58:12.0150 5460	TDTCP - ok
15:58:12.0228 5460	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:58:12.0244 5460	tdx - ok
15:58:12.0322 5460	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:58:12.0322 5460	TermDD - ok
15:58:12.0447 5460	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:58:12.0447 5460	tssecsrv - ok
15:58:12.0540 5460	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:58:12.0540 5460	TsUsbFlt - ok
15:58:12.0618 5460	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:58:12.0618 5460	TsUsbGD - ok
15:58:12.0712 5460	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:58:12.0727 5460	tunnel - ok
15:58:12.0805 5460	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:58:12.0805 5460	uagp35 - ok
15:58:12.0883 5460	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:58:12.0899 5460	udfs - ok
15:58:12.0977 5460	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:58:12.0977 5460	uliagpkx - ok
15:58:13.0086 5460	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:58:13.0086 5460	umbus - ok
15:58:13.0242 5460	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:58:13.0242 5460	UmPass - ok
15:58:13.0383 5460	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:58:13.0383 5460	USBAAPL64 - ok
15:58:13.0507 5460	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:58:13.0523 5460	usbaudio - ok
15:58:13.0601 5460	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:58:13.0601 5460	usbccgp - ok
15:58:13.0695 5460	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:58:13.0695 5460	usbcir - ok
15:58:13.0788 5460	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:58:13.0788 5460	usbehci - ok
15:58:13.0897 5460	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:58:13.0913 5460	usbhub - ok
15:58:14.0007 5460	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:58:14.0007 5460	usbohci - ok
15:58:14.0100 5460	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
15:58:14.0100 5460	usbprint - ok
15:58:14.0178 5460	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:58:14.0178 5460	USBSTOR - ok
15:58:14.0272 5460	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:58:14.0272 5460	usbuhci - ok
15:58:14.0381 5460	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:58:14.0381 5460	usbvideo - ok
15:58:14.0475 5460	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:58:14.0475 5460	vdrvroot - ok
15:58:14.0553 5460	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:58:14.0553 5460	vga - ok
15:58:14.0631 5460	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:58:14.0631 5460	VgaSave - ok
15:58:14.0709 5460	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:58:14.0709 5460	vhdmp - ok
15:58:14.0802 5460	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:58:14.0802 5460	viaide - ok
15:58:14.0896 5460	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:58:14.0896 5460	volmgr - ok
15:58:14.0974 5460	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:58:14.0989 5460	volmgrx - ok
15:58:15.0083 5460	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:58:15.0083 5460	volsnap - ok
15:58:15.0177 5460	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:58:15.0177 5460	vsmraid - ok
15:58:15.0270 5460	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:58:15.0270 5460	vwifibus - ok
15:58:15.0364 5460	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:58:15.0364 5460	vwififlt - ok
15:58:15.0457 5460	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:58:15.0457 5460	vwifimp - ok
15:58:15.0567 5460	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:58:15.0567 5460	WacomPen - ok
15:58:15.0645 5460	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:58:15.0660 5460	WANARP - ok
15:58:15.0676 5460	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:58:15.0676 5460	Wanarpv6 - ok
15:58:15.0769 5460	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:58:15.0769 5460	Wd - ok
15:58:15.0863 5460	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:58:15.0879 5460	Wdf01000 - ok
15:58:15.0988 5460	wdkmd           (63ce387483e74a0bd79ee4e5eba1fd2e) C:\Windows\system32\DRIVERS\WDKMD.sys
15:58:15.0988 5460	wdkmd - ok
15:58:16.0097 5460	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:58:16.0113 5460	WfpLwf - ok
15:58:16.0191 5460	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:58:16.0191 5460	WIMMount - ok
15:58:16.0331 5460	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:58:16.0331 5460	WinUsb - ok
15:58:16.0440 5460	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:58:16.0440 5460	WmiAcpi - ok
15:58:16.0565 5460	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:58:16.0581 5460	ws2ifsl - ok
15:58:16.0659 5460	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:58:16.0674 5460	WudfPf - ok
15:58:16.0752 5460	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:58:16.0752 5460	WUDFRd - ok
15:58:16.0877 5460	X10Hid          (baa813a76f5db6cc3c2ceab7d82b6972) C:\Windows\System32\Drivers\x10hid.sys
15:58:16.0877 5460	X10Hid - ok
15:58:17.0002 5460	XUIF            (a4b2a8751a8f96134be6063b8a759116) C:\Windows\System32\Drivers\x10ufx2.sys
15:58:17.0002 5460	XUIF - ok
15:58:17.0064 5460	MBR (0x1B8)     (696e19d55ec5e8564af347109d7e796c) \Device\Harddisk0\DR0
15:58:18.0593 5460	\Device\Harddisk0\DR0 - ok
15:58:18.0655 5460	Boot (0x1200)   (7c85b405d7ab71e001b2e6ceec86a789) \Device\Harddisk0\DR0\Partition0
15:58:18.0655 5460	\Device\Harddisk0\DR0\Partition0 - ok
15:58:18.0671 5460	Boot (0x1200)   (aefbdca6cdd4aa9888fcad2e960f82f4) \Device\Harddisk0\DR0\Partition1
15:58:18.0671 5460	\Device\Harddisk0\DR0\Partition1 - ok
15:58:18.0702 5460	Boot (0x1200)   (f84ed768f667f4132ca772cce9733d13) \Device\Harddisk0\DR0\Partition2
15:58:18.0702 5460	\Device\Harddisk0\DR0\Partition2 - ok
15:58:18.0702 5460	============================================================
15:58:18.0702 5460	Scan finished
15:58:18.0702 5460	============================================================
15:58:18.0733 3504	Detected object count: 0
15:58:18.0733 3504	Actual detected object count: 0
         

Alt 07.11.2011, 14:55   #12
markusg
/// Malware-holic
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



sehr gut.
lade den CCleaner standard:
CCleaner Download - CCleaner 3.12.1572
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.11.2011, 15:22   #13
LadyRed
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



Hier kommt die Liste...
Angehängte Dateien
Dateityp: txt Benötigte Programme.txt (18,1 KB, 177x aufgerufen)

Alt 07.11.2011, 15:31   #14
markusg
/// Malware-holic
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



deinstaliere:
aborange

AF-HSS Toolbar

AMI VR

Conduit Engine
foilpresenter
Google Toolbar
Java alle
Java SE Downloads
downloade jre.
Skype Toolbars toolbars sind ein risiko, weg damit.
TuneUp
Versandhelfer
bereinige mit dem ccleaner
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.11.2011, 15:54   #15
LadyRed
 
Infiziert mit TR/Dropper.Gen - Hilfe! - Standard

Infiziert mit TR/Dropper.Gen - Hilfe!



So, ccleaner ist fertig.

Also wenn da unter den Programmen welche sind, die arg gefährlich sind, ich aber als notwendig angegeben habe, würde ich die im zweifelsfall auch löschen. Da komme ich lieber mit einem Programm weniger aus.

Wie war/ist die Gefährdung überhaupt für meinen Pc? Ich mein im Prinzip habe ich nichts von den Viren mitbekommen, außer dass sie sich auf meine SD Karte geschlichen haben und ich die formatieren musste...

Antwort

Themen zu Infiziert mit TR/Dropper.Gen - Hilfe!
64-bit, af-hss toolbar, antivir, audacity, avira, bho, bonjour, brauche dringend eure hilfe, c:\windows\system32\rundll32.exe, conduit, converter, crypter, desktop, dringend, error, firefox, flash player, google, google earth, helper, home, hotspot, hotspot shield, install.exe, js/iframe.hh, launch, logfile, mozilla thunderbird, mp3, object, programm, realtek, registry, scan, security, shortcut, software, studio, super, usb 2.0, usb 3.0, version=1.0, virus, webcheck, windows



Ähnliche Themen: Infiziert mit TR/Dropper.Gen - Hilfe!


  1. Antivir findet mehrfach Trojan.Dropper.Gen, Rechner infiziert?
    Plagegeister aller Art und deren Bekämpfung - 21.03.2011 (3)
  2. TR/Dropper.Gen - bin ich infiziert?
    Plagegeister aller Art und deren Bekämpfung - 08.03.2011 (5)
  3. mit den Trojanischen Pferd TR/Dropper. Gen infiziert! Wie kann ich es löschen?
    Plagegeister aller Art und deren Bekämpfung - 17.08.2010 (28)
  4. mit Trojaner TR/Dropper.Gen infiziert
    Plagegeister aller Art und deren Bekämpfung - 09.03.2010 (1)
  5. Hilfe! tr/dropper.gen
    Plagegeister aller Art und deren Bekämpfung - 06.03.2010 (6)
  6. Hilfe. Dropper.Gen
    Log-Analyse und Auswertung - 27.07.2009 (20)
  7. TR/Dropper.Gen? Infiziert?
    Log-Analyse und Auswertung - 10.04.2009 (1)
  8. TR/Dropper.Gen - Hilfe!!
    Plagegeister aller Art und deren Bekämpfung - 22.02.2009 (10)
  9. Laptop wahrscheinlich mit TR/Dropper infiziert
    Log-Analyse und Auswertung - 02.02.2009 (21)
  10. Bin infiziert mit Dropper.Gen
    Log-Analyse und Auswertung - 25.01.2009 (21)
  11. Hilfe PC infiziert
    Log-Analyse und Auswertung - 20.01.2009 (28)
  12. HILFE!TR/Dropper.Gen
    Mülltonne - 01.12.2008 (0)
  13. HILFE! TR/Dropper.gen
    Plagegeister aller Art und deren Bekämpfung - 03.09.2008 (1)
  14. HILFE! TR/Dropper.gen
    Mülltonne - 03.09.2008 (0)
  15. TR/Dropper.Gen- Hilfe :(
    Plagegeister aller Art und deren Bekämpfung - 16.07.2008 (5)
  16. Hilfe Dropper
    Plagegeister aller Art und deren Bekämpfung - 08.06.2008 (3)
  17. ntkrnlpa.exe infiziert von "Trojan-Dropper.Win32.Agent.bwf"
    Plagegeister aller Art und deren Bekämpfung - 17.09.2007 (6)

Zum Thema Infiziert mit TR/Dropper.Gen - Hilfe! - Hallo ihr lieben im Trojanerforum! Ich habe mich jetzt schon den ganzen Abend durch diverse Foren, Hilfsseiten etc. gewühlt, doch keine Lösung gefunden. Mein PC ist zweifach mit dem Trojaner - Infiziert mit TR/Dropper.Gen - Hilfe!...
Archiv
Du betrachtest: Infiziert mit TR/Dropper.Gen - Hilfe! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.