
Pests of All Kinds and How to Fight Them: Google/rocketnews.com Problem

26.06.2012, 22:13   #1
Jogibub
 

Hello everyone,

I have a neighbour's computer here that has the same problem as in the following threads:

http://www.trojaner-board.de/116423-...ocketnews.html
http://www.trojaner-board.de/117703-...ocketnews.html
http://www.trojaner-board.de/117623-...gebnissen.html

Here are 2 logs from
-Malwarebytes (quick scan with a detection)
Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Horst Falch :: ZUHAUSE [Administrator]

Schutz: Aktiviert

26.06.2012 19:44:46
mbam-log-2012-06-26 (19-44-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205065
Laufzeit: 3 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\winstackxx.exe (Trojan.SpyEyes.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\winstackxx.exe\config.bin (Trojan.SpyEyes.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
-Malwarebytes (subsequent full scan with no detection)
Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Horst Falch :: ZUHAUSE [Administrator]

Schutz: Aktiviert

26.06.2012 21:22:03
mbam-log-2012-06-26 (21-22-03).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346320
Laufzeit: 58 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
A log from TDSSKiller (with 1 detection; not yet fixed)
Code:
21:16:24.0094 3204	TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
21:16:24.0125 3204	============================================================
21:16:24.0125 3204	Current date / time: 2012/06/26 21:16:24.0125
21:16:24.0125 3204	SystemInfo:
21:16:24.0125 3204	
21:16:24.0125 3204	OS Version: 6.1.7601 ServicePack: 1.0
21:16:24.0125 3204	Product type: Workstation
21:16:24.0125 3204	ComputerName: ZUHAUSE
21:16:24.0125 3204	UserName: Horst Falch
21:16:24.0125 3204	Windows directory: C:\Windows
21:16:24.0125 3204	System windows directory: C:\Windows
21:16:24.0125 3204	Processor architecture: Intel x86
21:16:24.0125 3204	Number of processors: 4
21:16:24.0125 3204	Page size: 0x1000
21:16:24.0125 3204	Boot type: Normal boot
21:16:24.0125 3204	============================================================
21:16:24.0608 3204	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:16:24.0640 3204	Drive \Device\Harddisk4\DR8 - Size: 0x7DDBFE00 (1.97 Gb), SectorSize: 0x200, Cylinders: 0x100, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:16:24.0640 3204	============================================================
21:16:24.0640 3204	\Device\Harddisk0\DR0:
21:16:24.0640 3204	MBR partitions:
21:16:24.0640 3204	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:16:24.0640 3204	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3000
21:16:24.0640 3204	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000
21:16:24.0640 3204	\Device\Harddisk4\DR8:
21:16:24.0640 3204	MBR partitions:
21:16:24.0640 3204	============================================================
21:16:24.0671 3204	C: <-> \Device\Harddisk0\DR0\Partition1
21:16:24.0718 3204	D: <-> \Device\Harddisk0\DR0\Partition2
21:16:24.0718 3204	============================================================
21:16:24.0718 3204	Initialize success
21:16:24.0718 3204	============================================================
21:16:31.0940 3700	============================================================
21:16:31.0940 3700	Scan started
21:16:31.0940 3700	Mode: Manual; SigCheck; TDLFS; 
21:16:31.0940 3700	============================================================
21:16:32.0268 3700	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\drivers\1394ohci.sys
21:16:32.0330 3700	1394ohci - ok
21:16:32.0471 3700	ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
21:16:32.0502 3700	ABBYY.Licensing.FineReader.Sprint.9.0 - ok
21:16:32.0564 3700	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:16:32.0580 3700	ACPI - ok
21:16:32.0611 3700	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:16:32.0689 3700	AcpiPmi - ok
21:16:32.0767 3700	AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:16:32.0783 3700	AdobeFlashPlayerUpdateSvc - ok
21:16:32.0861 3700	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:16:32.0908 3700	adp94xx - ok
21:16:32.0970 3700	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:16:33.0017 3700	adpahci - ok
21:16:33.0048 3700	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:16:33.0064 3700	adpu320 - ok
21:16:33.0095 3700	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:16:33.0126 3700	AeLookupSvc - ok
21:16:33.0173 3700	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:16:33.0266 3700	AFD - ok
21:16:33.0282 3700	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:16:33.0298 3700	agp440 - ok
21:16:33.0329 3700	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:16:33.0344 3700	aic78xx - ok
21:16:33.0376 3700	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:16:33.0422 3700	ALG - ok
21:16:33.0422 3700	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:16:33.0438 3700	aliide - ok
21:16:33.0454 3700	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:16:33.0469 3700	amdagp - ok
21:16:33.0485 3700	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:16:33.0500 3700	amdide - ok
21:16:33.0516 3700	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:16:33.0547 3700	AmdK8 - ok
21:16:33.0563 3700	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:16:33.0594 3700	AmdPPM - ok
21:16:33.0641 3700	amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
21:16:33.0656 3700	amdsata - ok
21:16:33.0688 3700	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:16:33.0719 3700	amdsbs - ok
21:16:33.0734 3700	amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
21:16:33.0750 3700	amdxata - ok
21:16:33.0812 3700	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:16:33.0828 3700	AntiVirSchedulerService - ok
21:16:33.0859 3700	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:16:33.0890 3700	AntiVirService - ok
21:16:33.0922 3700	AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:16:33.0953 3700	AntiVirWebService - ok
21:16:33.0984 3700	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:16:34.0093 3700	AppID - ok
21:16:34.0109 3700	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:16:34.0156 3700	AppIDSvc - ok
21:16:34.0171 3700	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:16:34.0234 3700	Appinfo - ok
21:16:34.0265 3700	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:16:34.0280 3700	arc - ok
21:16:34.0312 3700	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:16:34.0327 3700	arcsas - ok
21:16:34.0374 3700	aspnet_state    (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:16:34.0390 3700	aspnet_state - ok
21:16:34.0390 3700	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:16:34.0514 3700	AsyncMac - ok
21:16:34.0577 3700	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:16:34.0592 3700	atapi - ok
21:16:34.0655 3700	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:16:34.0733 3700	AudioEndpointBuilder - ok
21:16:34.0748 3700	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:16:34.0764 3700	Audiosrv - ok
21:16:34.0795 3700	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
21:16:34.0826 3700	avgntflt - ok
21:16:34.0858 3700	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
21:16:34.0873 3700	avipbb - ok
21:16:34.0873 3700	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
21:16:34.0889 3700	avkmgr - ok
21:16:34.0920 3700	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:16:34.0998 3700	AxInstSV - ok
21:16:35.0029 3700	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:16:35.0092 3700	b06bdrv - ok
21:16:35.0123 3700	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:16:35.0154 3700	b57nd60x - ok
21:16:35.0248 3700	BBSvc           (483f1162eeebd10bf77fbb32db963370) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
21:16:35.0263 3700	BBSvc - ok
21:16:35.0310 3700	BBUpdate        (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
21:16:35.0341 3700	BBUpdate - ok
21:16:35.0388 3700	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:16:35.0450 3700	BDESVC - ok
21:16:35.0466 3700	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:16:35.0528 3700	Beep - ok
21:16:35.0591 3700	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:16:35.0622 3700	BFE - ok
21:16:35.0684 3700	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
21:16:35.0747 3700	BITS - ok
21:16:35.0778 3700	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:16:35.0809 3700	blbdrive - ok
21:16:35.0965 3700	Bonjour Service (a065f048e9e23e6c026a7bb548d126a7) C:\Program Files\Bonjour\mDNSResponder.exe
21:16:35.0981 3700	Bonjour Service - ok
21:16:36.0012 3700	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:16:36.0059 3700	bowser - ok
21:16:36.0074 3700	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:16:36.0152 3700	BrFiltLo - ok
21:16:36.0168 3700	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:16:36.0199 3700	BrFiltUp - ok
21:16:36.0230 3700	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:16:36.0293 3700	Browser - ok
21:16:36.0324 3700	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:16:36.0355 3700	Brserid - ok
21:16:36.0371 3700	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:16:36.0386 3700	BrSerWdm - ok
21:16:36.0402 3700	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:16:36.0449 3700	BrUsbMdm - ok
21:16:36.0464 3700	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:16:36.0480 3700	BrUsbSer - ok
21:16:36.0480 3700	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:16:36.0527 3700	BTHMODEM - ok
21:16:36.0542 3700	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:16:36.0605 3700	bthserv - ok
21:16:36.0620 3700	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:16:36.0667 3700	cdfs - ok
21:16:36.0698 3700	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:16:36.0730 3700	cdrom - ok
21:16:36.0761 3700	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:16:36.0808 3700	CertPropSvc - ok
21:16:36.0839 3700	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:16:36.0854 3700	circlass - ok
21:16:36.0886 3700	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:16:36.0901 3700	CLFS - ok
21:16:36.0948 3700	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:16:36.0964 3700	clr_optimization_v2.0.50727_32 - ok
21:16:36.0979 3700	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:16:37.0010 3700	CmBatt - ok
21:16:37.0026 3700	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:16:37.0042 3700	cmdide - ok
21:16:37.0073 3700	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:16:37.0120 3700	CNG - ok
21:16:37.0120 3700	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:16:37.0135 3700	Compbatt - ok
21:16:37.0182 3700	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:16:37.0213 3700	CompositeBus - ok
21:16:37.0229 3700	COMSysApp - ok
21:16:37.0244 3700	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:16:37.0260 3700	crcdisk - ok
21:16:37.0291 3700	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
21:16:37.0338 3700	CryptSvc - ok
21:16:37.0369 3700	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:16:37.0416 3700	DcomLaunch - ok
21:16:37.0447 3700	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:16:37.0478 3700	defragsvc - ok
21:16:37.0510 3700	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:16:37.0556 3700	DfsC - ok
21:16:37.0619 3700	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:16:37.0650 3700	Dhcp - ok
21:16:37.0666 3700	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:16:37.0697 3700	discache - ok
21:16:37.0712 3700	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:16:37.0712 3700	Disk - ok
21:16:37.0744 3700	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:16:37.0775 3700	Dnscache - ok
21:16:37.0806 3700	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:16:37.0853 3700	dot3svc - ok
21:16:37.0884 3700	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:16:37.0915 3700	DPS - ok
21:16:37.0962 3700	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:16:37.0993 3700	drmkaud - ok
21:16:38.0056 3700	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:16:38.0087 3700	DXGKrnl - ok
21:16:38.0118 3700	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:16:38.0149 3700	EapHost - ok
21:16:38.0321 3700	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:16:38.0508 3700	ebdrv - ok
21:16:38.0617 3700	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:16:38.0648 3700	EFS - ok
21:16:38.0711 3700	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:16:38.0804 3700	ehRecvr - ok
21:16:38.0836 3700	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:16:38.0867 3700	ehSched - ok
21:16:38.0929 3700	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:16:38.0976 3700	elxstor - ok
21:16:38.0992 3700	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:16:39.0023 3700	ErrDev - ok
21:16:39.0070 3700	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:16:39.0116 3700	EventSystem - ok
21:16:39.0148 3700	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:16:39.0210 3700	exfat - ok
21:16:39.0272 3700	Fabs - ok
21:16:39.0304 3700	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:16:39.0335 3700	fastfat - ok
21:16:39.0413 3700	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:16:39.0444 3700	Fax - ok
21:16:39.0460 3700	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:16:39.0491 3700	fdc - ok
21:16:39.0506 3700	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:16:39.0553 3700	fdPHost - ok
21:16:39.0584 3700	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:16:39.0631 3700	FDResPub - ok
21:16:39.0647 3700	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:16:39.0678 3700	FileInfo - ok
21:16:39.0740 3700	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:16:39.0787 3700	Filetrace - ok
21:16:39.0943 3700	FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
21:16:40.0115 3700	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
21:16:40.0115 3700	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
21:16:40.0193 3700	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:16:40.0224 3700	flpydisk - ok
21:16:40.0255 3700	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:16:40.0302 3700	FltMgr - ok
21:16:40.0380 3700	FontCache       (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
21:16:40.0427 3700	FontCache - ok
21:16:40.0474 3700	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:16:40.0505 3700	FontCache3.0.0.0 - ok
21:16:40.0520 3700	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:16:40.0536 3700	FsDepends - ok
21:16:40.0567 3700	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:16:40.0598 3700	Fs_Rec - ok
21:16:40.0630 3700	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:16:40.0645 3700	fvevol - ok
21:16:40.0692 3700	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:16:40.0723 3700	gagp30kx - ok
21:16:40.0786 3700	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:16:40.0848 3700	gpsvc - ok
21:16:40.0926 3700	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:16:40.0942 3700	gupdate - ok
21:16:40.0957 3700	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:16:40.0973 3700	gupdatem - ok
21:16:40.0988 3700	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:16:41.0051 3700	hcw85cir - ok
21:16:41.0113 3700	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
21:16:41.0176 3700	HdAudAddService - ok
21:16:41.0207 3700	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:16:41.0254 3700	HDAudBus - ok
21:16:41.0269 3700	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:16:41.0285 3700	HidBatt - ok
21:16:41.0316 3700	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:16:41.0363 3700	HidBth - ok
21:16:41.0378 3700	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:16:41.0410 3700	HidIr - ok
21:16:41.0425 3700	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:16:41.0472 3700	hidserv - ok
21:16:41.0472 3700	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
21:16:41.0503 3700	HidUsb - ok
21:16:41.0519 3700	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:16:41.0566 3700	hkmsvc - ok
21:16:41.0612 3700	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:16:41.0659 3700	HomeGroupListener - ok
21:16:41.0690 3700	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:16:41.0722 3700	HomeGroupProvider - ok
21:16:41.0737 3700	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:16:41.0753 3700	HpSAMD - ok
21:16:41.0784 3700	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:16:41.0831 3700	HTTP - ok
21:16:41.0878 3700	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:16:41.0878 3700	hwpolicy - ok
21:16:41.0893 3700	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:16:41.0924 3700	i8042prt - ok
21:16:41.0956 3700	iaStor          (d5edb998656e6ecf1a17c78dab019a3c) C:\Windows\system32\DRIVERS\iaStor.sys
21:16:41.0971 3700	iaStor - ok
21:16:42.0049 3700	IAStorDataMgrSvc (7493ea4de41348f7d3edbf9db298f56a) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:16:42.0065 3700	IAStorDataMgrSvc - ok
21:16:42.0096 3700	iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
21:16:42.0143 3700	iaStorV - ok
21:16:42.0268 3700	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:16:42.0346 3700	idsvc - ok
21:16:42.0424 3700	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:16:42.0455 3700	iirsp - ok
21:16:42.0517 3700	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:16:42.0564 3700	IKEEXT - ok
21:16:42.0704 3700	IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
21:16:42.0782 3700	IntcAzAudAddService - ok
21:16:42.0860 3700	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:16:42.0876 3700	intelide - ok
21:16:42.0923 3700	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:16:42.0938 3700	intelppm - ok
21:16:42.0954 3700	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:16:43.0032 3700	IPBusEnum - ok
21:16:43.0048 3700	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:16:43.0094 3700	IpFilterDriver - ok
21:16:43.0157 3700	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:16:43.0204 3700	iphlpsvc - ok
21:16:43.0219 3700	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:16:43.0250 3700	IPMIDRV - ok
21:16:43.0266 3700	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:16:43.0328 3700	IPNAT - ok
21:16:43.0344 3700	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:16:43.0360 3700	IRENUM - ok
21:16:43.0391 3700	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:16:43.0406 3700	isapnp - ok
21:16:43.0469 3700	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:16:43.0500 3700	iScsiPrt - ok
21:16:43.0531 3700	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:16:43.0547 3700	kbdclass - ok
21:16:43.0578 3700	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
21:16:43.0578 3700	kbdhid - ok
21:16:43.0594 3700	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:16:43.0594 3700	KeyIso - ok
21:16:43.0609 3700	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:16:43.0625 3700	KSecDD - ok
21:16:43.0656 3700	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:16:43.0672 3700	KSecPkg - ok
21:16:43.0718 3700	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:16:43.0750 3700	KtmRm - ok
21:16:43.0781 3700	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
21:16:43.0812 3700	LanmanServer - ok
21:16:43.0843 3700	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:16:43.0874 3700	LanmanWorkstation - ok
21:16:43.0906 3700	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:16:43.0937 3700	lltdio - ok
21:16:43.0968 3700	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:16:43.0999 3700	lltdsvc - ok
21:16:44.0015 3700	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:16:44.0046 3700	lmhosts - ok
21:16:44.0077 3700	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:16:44.0093 3700	LSI_FC - ok
21:16:44.0108 3700	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:16:44.0124 3700	LSI_SAS - ok
21:16:44.0124 3700	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:16:44.0140 3700	LSI_SAS2 - ok
21:16:44.0171 3700	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:16:44.0186 3700	LSI_SCSI - ok
21:16:44.0202 3700	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:16:44.0233 3700	luafv - ok
21:16:44.0249 3700	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
21:16:44.0264 3700	MBAMProtector - ok
21:16:44.0374 3700	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:16:44.0389 3700	MBAMService - ok
21:16:44.0420 3700	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:16:44.0436 3700	Mcx2Svc - ok
21:16:44.0452 3700	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:16:44.0467 3700	megasas - ok
21:16:44.0498 3700	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:16:44.0514 3700	MegaSR - ok
21:16:44.0545 3700	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:16:44.0592 3700	MMCSS - ok
21:16:44.0608 3700	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:16:44.0654 3700	Modem - ok
21:16:44.0670 3700	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:16:44.0701 3700	monitor - ok
21:16:44.0748 3700	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:16:44.0764 3700	mouclass - ok
21:16:44.0810 3700	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:16:44.0842 3700	mouhid - ok
21:16:44.0857 3700	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:16:44.0888 3700	mountmgr - ok
21:16:44.0935 3700	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:16:44.0951 3700	MozillaMaintenance - ok
21:16:44.0982 3700	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:16:44.0998 3700	mpio - ok
21:16:45.0013 3700	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:16:45.0060 3700	mpsdrv - ok
21:16:45.0107 3700	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:16:45.0185 3700	MpsSvc - ok
21:16:45.0216 3700	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:16:45.0247 3700	MRxDAV - ok
21:16:45.0263 3700	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:16:45.0310 3700	mrxsmb - ok
21:16:45.0356 3700	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:16:45.0388 3700	mrxsmb10 - ok
21:16:45.0403 3700	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:16:45.0450 3700	mrxsmb20 - ok
21:16:45.0466 3700	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:16:45.0481 3700	msahci - ok
21:16:45.0512 3700	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:16:45.0544 3700	msdsm - ok
21:16:45.0575 3700	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:16:45.0622 3700	MSDTC - ok
21:16:45.0637 3700	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:16:45.0700 3700	Msfs - ok
21:16:45.0715 3700	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:16:45.0762 3700	mshidkmdf - ok
21:16:45.0778 3700	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:16:45.0793 3700	msisadrv - ok
21:16:45.0824 3700	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:16:45.0856 3700	MSiSCSI - ok
21:16:45.0856 3700	msiserver - ok
21:16:45.0871 3700	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:16:45.0902 3700	MSKSSRV - ok
21:16:45.0918 3700	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:16:45.0980 3700	MSPCLOCK - ok
21:16:45.0996 3700	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:16:46.0043 3700	MSPQM - ok
21:16:46.0058 3700	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:16:46.0090 3700	MsRPC - ok
21:16:46.0090 3700	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:16:46.0105 3700	mssmbios - ok
21:16:46.0105 3700	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:16:46.0136 3700	MSTEE - ok
21:16:46.0168 3700	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:16:46.0183 3700	MTConfig - ok
21:16:46.0199 3700	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:16:46.0214 3700	Mup - ok
21:16:46.0261 3700	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:16:46.0292 3700	napagent - ok
21:16:46.0339 3700	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:16:46.0386 3700	NativeWifiP - ok
21:16:46.0464 3700	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:16:46.0480 3700	NDIS - ok
21:16:46.0511 3700	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:16:46.0526 3700	NdisCap - ok
21:16:46.0542 3700	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:16:46.0573 3700	NdisTapi - ok
21:16:46.0604 3700	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:16:46.0636 3700	Ndisuio - ok
21:16:46.0682 3700	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:16:46.0745 3700	NdisWan - ok
21:16:46.0760 3700	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:16:46.0792 3700	NDProxy - ok
21:16:46.0807 3700	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:16:46.0838 3700	NetBIOS - ok
21:16:46.0870 3700	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:16:46.0932 3700	NetBT - ok
21:16:46.0948 3700	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:16:46.0963 3700	Netlogon - ok
21:16:47.0026 3700	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:16:47.0088 3700	Netman - ok
21:16:47.0104 3700	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:16:47.0135 3700	netprofm - ok
21:16:47.0213 3700	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:16:47.0244 3700	NetTcpPortSharing - ok
21:16:47.0291 3700	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:16:47.0306 3700	nfrd960 - ok
21:16:47.0338 3700	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:16:47.0369 3700	NlaSvc - ok
21:16:47.0384 3700	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:16:47.0416 3700	Npfs - ok
21:16:47.0416 3700	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:16:47.0447 3700	nsi - ok
21:16:47.0462 3700	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:16:47.0478 3700	nsiproxy - ok
21:16:47.0587 3700	Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
21:16:47.0634 3700	Ntfs - ok
21:16:47.0743 3700	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:16:47.0790 3700	Null - ok
21:16:47.0821 3700	NVHDA           (8571011b62ce0207fa1dc95d88308f1d) C:\Windows\system32\drivers\nvhda32v.sys
21:16:47.0837 3700	NVHDA - ok
21:16:48.0274 3700	nvlddmkm        (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:16:48.0664 3700	nvlddmkm - ok
21:16:48.0742 3700	nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
21:16:48.0773 3700	nvraid - ok
21:16:48.0788 3700	nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
21:16:48.0820 3700	nvstor - ok
21:16:48.0866 3700	nvsvc           (7a68320fa236ed0479eff93540391568) C:\Windows\system32\nvvsvc.exe
21:16:48.0866 3700	nvsvc - ok
21:16:48.0882 3700	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:16:48.0913 3700	nv_agp - ok
21:16:48.0991 3700	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:16:49.0038 3700	odserv - ok
21:16:49.0069 3700	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:16:49.0100 3700	ohci1394 - ok
21:16:49.0163 3700	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:16:49.0194 3700	ose - ok
21:16:49.0225 3700	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:16:49.0272 3700	p2pimsvc - ok
21:16:49.0319 3700	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:16:49.0350 3700	p2psvc - ok
21:16:49.0381 3700	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:16:49.0428 3700	Parport - ok
21:16:49.0459 3700	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:16:49.0475 3700	partmgr - ok
21:16:49.0490 3700	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:16:49.0522 3700	Parvdm - ok
21:16:49.0537 3700	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:16:49.0553 3700	PcaSvc - ok
21:16:49.0600 3700	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:16:49.0631 3700	pci - ok
21:16:49.0662 3700	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:16:49.0678 3700	pciide - ok
21:16:49.0693 3700	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:16:49.0724 3700	pcmcia - ok
21:16:49.0771 3700	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:16:49.0787 3700	pcw - ok
21:16:49.0818 3700	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:16:49.0912 3700	PEAUTH - ok
21:16:50.0021 3700	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:16:50.0083 3700	pla - ok
21:16:50.0177 3700	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:16:50.0239 3700	PlugPlay - ok
21:16:50.0255 3700	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:16:50.0270 3700	PNRPAutoReg - ok
21:16:50.0286 3700	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:16:50.0302 3700	PNRPsvc - ok
21:16:50.0348 3700	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:16:50.0395 3700	PolicyAgent - ok
21:16:50.0426 3700	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:16:50.0458 3700	Power - ok
21:16:50.0489 3700	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:16:50.0520 3700	PptpMiniport - ok
21:16:50.0536 3700	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:16:50.0567 3700	Processor - ok
21:16:50.0614 3700	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:16:50.0676 3700	ProfSvc - ok
21:16:50.0692 3700	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:16:50.0707 3700	ProtectedStorage - ok
21:16:50.0738 3700	ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
21:16:50.0738 3700	ProtexisLicensing - ok
21:16:50.0785 3700	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:16:50.0832 3700	Psched - ok
21:16:50.0926 3700	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:16:51.0004 3700	ql2300 - ok
21:16:51.0082 3700	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:16:51.0113 3700	ql40xx - ok
21:16:51.0144 3700	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:16:51.0160 3700	QWAVE - ok
21:16:51.0175 3700	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:16:51.0191 3700	QWAVEdrv - ok
21:16:51.0206 3700	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:16:51.0238 3700	RasAcd - ok
21:16:51.0253 3700	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:16:51.0284 3700	RasAgileVpn - ok
21:16:51.0300 3700	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:16:51.0316 3700	RasAuto - ok
21:16:51.0331 3700	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:16:51.0378 3700	Rasl2tp - ok
21:16:51.0409 3700	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:16:51.0456 3700	RasMan - ok
21:16:51.0472 3700	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:16:51.0518 3700	RasPppoe - ok
21:16:51.0550 3700	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:16:51.0596 3700	RasSstp - ok
21:16:51.0628 3700	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:16:51.0674 3700	rdbss - ok
21:16:51.0690 3700	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:16:51.0706 3700	rdpbus - ok
21:16:51.0737 3700	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:16:51.0784 3700	RDPCDD - ok
21:16:51.0799 3700	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:16:51.0830 3700	RDPENCDD - ok
21:16:51.0830 3700	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:16:51.0862 3700	RDPREFMP - ok
21:16:51.0893 3700	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
21:16:51.0955 3700	RDPWD - ok
21:16:52.0002 3700	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:16:52.0033 3700	rdyboost - ok
21:16:52.0064 3700	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:16:52.0111 3700	RemoteAccess - ok
21:16:52.0142 3700	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:16:52.0189 3700	RemoteRegistry - ok
21:16:52.0220 3700	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:16:52.0252 3700	RpcEptMapper - ok
21:16:52.0267 3700	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:16:52.0283 3700	RpcLocator - ok
21:16:52.0330 3700	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:16:52.0361 3700	RpcSs - ok
21:16:52.0392 3700	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:16:52.0408 3700	rspndr - ok
21:16:52.0470 3700	RTL8167         (06bd46be6141556125f89df738333720) C:\Windows\system32\DRIVERS\Rt86win7.sys
21:16:52.0501 3700	RTL8167 - ok
21:16:52.0564 3700	RTL8192su       (51adef77e4c929535fd50da153774e79) C:\Windows\system32\DRIVERS\RTL8192su.sys
21:16:52.0626 3700	RTL8192su - ok
21:16:52.0657 3700	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:16:52.0673 3700	SamSs - ok
21:16:52.0704 3700	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:16:52.0720 3700	sbp2port - ok
21:16:52.0735 3700	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:16:52.0766 3700	SCardSvr - ok
21:16:52.0782 3700	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:16:52.0844 3700	scfilter - ok
21:16:52.0907 3700	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:16:52.0954 3700	Schedule - ok
21:16:52.0985 3700	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:16:53.0000 3700	SCPolicySvc - ok
21:16:53.0032 3700	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:16:53.0078 3700	SDRSVC - ok
21:16:53.0094 3700	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:16:53.0141 3700	secdrv - ok
21:16:53.0156 3700	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:16:53.0219 3700	seclogon - ok
21:16:53.0234 3700	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:16:53.0266 3700	SENS - ok
21:16:53.0281 3700	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:16:53.0344 3700	SensrSvc - ok
21:16:53.0359 3700	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:16:53.0390 3700	Serenum - ok
21:16:53.0437 3700	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:16:53.0453 3700	Serial - ok
21:16:53.0484 3700	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:16:53.0515 3700	sermouse - ok
21:16:53.0546 3700	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:16:53.0578 3700	SessionEnv - ok
21:16:53.0609 3700	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:16:53.0640 3700	sffdisk - ok
21:16:53.0656 3700	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:16:53.0671 3700	sffp_mmc - ok
21:16:53.0687 3700	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:16:53.0702 3700	sffp_sd - ok
21:16:53.0718 3700	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:16:53.0734 3700	sfloppy - ok
21:16:53.0780 3700	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:16:53.0827 3700	SharedAccess - ok
21:16:53.0858 3700	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:16:53.0890 3700	ShellHWDetection - ok
21:16:53.0921 3700	SipIMNDI - ok
21:16:53.0952 3700	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:16:53.0968 3700	sisagp - ok
21:16:53.0983 3700	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:16:53.0999 3700	SiSRaid2 - ok
21:16:54.0030 3700	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:16:54.0046 3700	SiSRaid4 - ok
21:16:54.0077 3700	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:16:54.0108 3700	Smb - ok
21:16:54.0108 3700	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:16:54.0124 3700	SNMPTRAP - ok
21:16:54.0139 3700	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:16:54.0155 3700	spldr - ok
21:16:54.0202 3700	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:16:54.0248 3700	Spooler - ok
21:16:54.0420 3700	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:16:54.0514 3700	sppsvc - ok
21:16:54.0654 3700	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:16:54.0701 3700	sppuinotify - ok
21:16:54.0779 3700	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:16:54.0826 3700	srv - ok
21:16:54.0857 3700	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:16:54.0904 3700	srv2 - ok
21:16:54.0904 3700	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:16:54.0919 3700	srvnet - ok
21:16:54.0950 3700	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:16:54.0982 3700	SSDPSRV - ok
21:16:55.0013 3700	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:16:55.0028 3700	ssmdrv - ok
21:16:55.0044 3700	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:16:55.0091 3700	SstpSvc - ok
21:16:55.0106 3700	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:16:55.0122 3700	stexstor - ok
21:16:55.0169 3700	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:16:55.0200 3700	StiSvc - ok
21:16:55.0200 3700	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:16:55.0216 3700	swenum - ok
21:16:55.0247 3700	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:16:55.0278 3700	swprv - ok
21:16:55.0356 3700	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:16:55.0372 3700	SysMain - ok
21:16:55.0418 3700	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:16:55.0450 3700	TabletInputService - ok
21:16:55.0496 3700	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:16:55.0528 3700	TapiSrv - ok
21:16:55.0543 3700	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:16:55.0590 3700	TBS - ok
21:16:55.0684 3700	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:16:55.0746 3700	Tcpip - ok
21:16:55.0871 3700	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:16:55.0902 3700	TCPIP6 - ok
21:16:55.0949 3700	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:16:56.0011 3700	tcpipreg - ok
21:16:56.0042 3700	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:16:56.0089 3700	TDPIPE - ok
21:16:56.0105 3700	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:16:56.0120 3700	TDTCP - ok
21:16:56.0152 3700	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:16:56.0183 3700	tdx - ok
21:16:56.0183 3700	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:16:56.0198 3700	TermDD - ok
21:16:56.0261 3700	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:16:56.0308 3700	TermService - ok
21:16:56.0308 3700	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:16:56.0323 3700	Themes - ok
21:16:56.0339 3700	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:16:56.0370 3700	THREADORDER - ok
21:16:56.0401 3700	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:16:56.0417 3700	TrkWks - ok
21:16:56.0464 3700	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:16:56.0526 3700	TrustedInstaller - ok
21:16:56.0557 3700	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:16:56.0573 3700	tssecsrv - ok
21:16:56.0604 3700	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:16:56.0635 3700	TsUsbFlt - ok
21:16:56.0682 3700	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:16:56.0744 3700	tunnel - ok
21:16:56.0776 3700	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:16:56.0791 3700	uagp35 - ok
21:16:56.0838 3700	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:16:56.0885 3700	udfs - ok
21:16:56.0900 3700	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:16:56.0916 3700	UI0Detect - ok
21:16:56.0932 3700	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:16:56.0932 3700	uliagpkx - ok
21:16:56.0963 3700	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:16:56.0978 3700	umbus - ok
21:16:57.0025 3700	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:16:57.0041 3700	UmPass - ok
21:16:57.0072 3700	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:16:57.0103 3700	upnphost - ok
21:16:57.0119 3700	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
21:16:57.0134 3700	usbccgp - ok
21:16:57.0166 3700	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:16:57.0197 3700	usbcir - ok
21:16:57.0197 3700	usbehci         (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
21:16:57.0228 3700	usbehci - ok
21:16:57.0259 3700	usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
21:16:57.0290 3700	usbhub - ok
21:16:57.0306 3700	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
21:16:57.0337 3700	usbohci - ok
21:16:57.0368 3700	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:16:57.0400 3700	usbprint - ok
21:16:57.0431 3700	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:16:57.0446 3700	usbscan - ok
21:16:57.0462 3700	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:16:57.0493 3700	USBSTOR - ok
21:16:57.0524 3700	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
21:16:57.0540 3700	usbuhci - ok
21:16:57.0540 3700	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:16:57.0571 3700	UxSms - ok
21:16:57.0602 3700	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:16:57.0618 3700	VaultSvc - ok
21:16:57.0618 3700	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:16:57.0634 3700	vdrvroot - ok
21:16:57.0680 3700	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:16:57.0743 3700	vds - ok
21:16:57.0758 3700	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:16:57.0774 3700	vga - ok
21:16:57.0790 3700	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:16:57.0805 3700	VgaSave - ok
21:16:57.0836 3700	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:16:57.0852 3700	vhdmp - ok
21:16:57.0883 3700	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:16:57.0899 3700	viaagp - ok
21:16:57.0914 3700	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:16:57.0930 3700	ViaC7 - ok
21:16:57.0946 3700	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:16:57.0946 3700	viaide - ok
21:16:57.0977 3700	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:16:57.0992 3700	volmgr - ok
21:16:58.0008 3700	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:16:58.0008 3700	volmgrx - ok
21:16:58.0039 3700	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:16:58.0055 3700	volsnap - ok
21:16:58.0070 3700	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:16:58.0086 3700	vsmraid - ok
21:16:58.0164 3700	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:16:58.0211 3700	VSS - ok
21:16:58.0226 3700	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:16:58.0258 3700	vwifibus - ok
21:16:58.0289 3700	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:16:58.0320 3700	vwififlt - ok
21:16:58.0351 3700	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:16:58.0382 3700	W32Time - ok
21:16:58.0398 3700	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:16:58.0414 3700	WacomPen - ok
21:16:58.0445 3700	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:16:58.0492 3700	WANARP - ok
21:16:58.0492 3700	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:16:58.0523 3700	Wanarpv6 - ok
21:16:58.0601 3700	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:16:58.0679 3700	wbengine - ok
21:16:58.0710 3700	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:16:58.0741 3700	WbioSrvc - ok
21:16:58.0757 3700	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:16:58.0804 3700	wcncsvc - ok
21:16:58.0819 3700	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:16:58.0850 3700	WcsPlugInService - ok
21:16:58.0897 3700	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:16:58.0913 3700	Wd - ok
21:16:58.0960 3700	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:16:59.0006 3700	Wdf01000 - ok
21:16:59.0022 3700	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:16:59.0084 3700	WdiServiceHost - ok
21:16:59.0084 3700	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:16:59.0116 3700	WdiSystemHost - ok
21:16:59.0147 3700	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:16:59.0178 3700	WebClient - ok
21:16:59.0209 3700	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:16:59.0240 3700	Wecsvc - ok
21:16:59.0256 3700	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:16:59.0287 3700	wercplsupport - ok
21:16:59.0318 3700	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:16:59.0350 3700	WerSvc - ok
21:16:59.0365 3700	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:16:59.0396 3700	WfpLwf - ok
21:16:59.0412 3700	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:16:59.0428 3700	WIMMount - ok
21:16:59.0506 3700	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:16:59.0552 3700	WinDefend - ok
21:16:59.0552 3700	WinHttpAutoProxySvc - ok
21:16:59.0615 3700	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:16:59.0708 3700	Winmgmt - ok
21:16:59.0771 3700	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:16:59.0833 3700	WinRM - ok
21:16:59.0911 3700	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:16:59.0942 3700	Wlansvc - ok
21:17:00.0114 3700	wlidsvc         (d9250b31b353ee3322c1cad411997e38) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:17:00.0161 3700	wlidsvc - ok
21:17:00.0254 3700	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:17:00.0286 3700	WmiAcpi - ok
21:17:00.0317 3700	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:17:00.0332 3700	wmiApSrv - ok
21:17:00.0426 3700	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:17:00.0488 3700	WMPNetworkSvc - ok
21:17:00.0535 3700	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:17:00.0566 3700	WPCSvc - ok
21:17:00.0613 3700	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:17:00.0676 3700	WPDBusEnum - ok
21:17:00.0691 3700	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:17:00.0738 3700	ws2ifsl - ok
21:17:00.0769 3700	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
21:17:00.0785 3700	wscsvc - ok
21:17:00.0785 3700	WSearch - ok
21:17:00.0910 3700	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:17:00.0972 3700	wuauserv - ok
21:17:01.0034 3700	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:17:01.0097 3700	WudfPf - ok
21:17:01.0112 3700	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:17:01.0128 3700	WUDFRd - ok
21:17:01.0159 3700	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:17:01.0175 3700	wudfsvc - ok
21:17:01.0206 3700	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:17:01.0253 3700	WwanSvc - ok
21:17:01.0284 3700	MBR (0x1B8)     (c79b30cb8852157f6f908e4698cfe0d0) \Device\Harddisk0\DR0
21:17:03.0624 3700	\Device\Harddisk0\DR0 - ok
21:17:03.0640 3700	MBR (0x1B8)     (09c9d8ce5b6591cee5221ba76476bdf0) \Device\Harddisk4\DR8
21:17:08.0850 3700	\Device\Harddisk4\DR8 - ok
21:17:08.0866 3700	Boot (0x1200)   (32e95ed9b9e62ab4f1dd17aa8b27a84c) \Device\Harddisk0\DR0\Partition0
21:17:08.0866 3700	\Device\Harddisk0\DR0\Partition0 - ok
21:17:08.0881 3700	Boot (0x1200)   (568ccff13a57dd582e5ae8c4722b57b0) \Device\Harddisk0\DR0\Partition1
21:17:08.0881 3700	\Device\Harddisk0\DR0\Partition1 - ok
21:17:08.0912 3700	Boot (0x1200)   (7c2d3ee2251e2dc9a7a223b94a914617) \Device\Harddisk0\DR0\Partition2
21:17:08.0912 3700	\Device\Harddisk0\DR0\Partition2 - ok
21:17:08.0912 3700	============================================================
21:17:08.0912 3700	Scan finished
21:17:08.0912 3700	============================================================
21:17:08.0928 3840	Detected object count: 1
21:17:08.0928 3840	Actual detected object count: 1
21:17:45.0541 3840	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:45.0541 3840	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
An OTL scan with the custom scans ("scripts") from the first thread I linked (the tool hangs for several minutes at "Scanning FireFox Settings"); no extras.txt was created.
Code:
OTL logfile created on: 26.06.2012 22:32:18 - Run 2
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Horst Falch\Desktop\Rocketnews-Problem
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,49% Memory free
5,98 Gb Paging File | 4,78 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 878,78 Gb Free Space | 96,53% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,70 Gb Free Space | 58,48% Space Free | Partition Type: NTFS
Drive I: | 1,96 Gb Total Space | 1,96 Gb Free Space | 99,89% Space Free | Partition Type: FAT32
 
Computer Name: ZUHAUSE | User Name: Horst Falch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.26 18:48:37 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Horst Falch\Desktop\Rocketnews-Problem\OTL.exe
PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.05.09 23:28:57 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.09 23:28:57 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 23:28:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 23:28:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 23:28:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.05.21 01:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 01:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.10.02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.09.14 09:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGGE.EXE
PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 13:53:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 13:53:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 18:08:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 18:07:24 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 18:07:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 18:07:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 18:07:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 18:07:09 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.23 14:09:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.23 10:09:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 23:28:57 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.09 23:28:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 23:28:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SipIMNDI.sys -- (SipIMNDI)
DRV - [2012.05.09 23:28:57 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 23:28:57 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.12 06:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\SearchScopes,DefaultScope = {2DA5029E-FBEA-4A02-8064-1006701CC60F}
IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\SearchScopes\{2DA5029E-FBEA-4A02-8064-1006701CC60F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 10:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 11:45:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 10:09:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 11:45:48 | 000,000,000 | ---D | M]
 
[2010.05.18 15:03:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst Falch\AppData\Roaming\mozilla\Extensions
[2012.05.18 14:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst Falch\AppData\Roaming\mozilla\Firefox\Profiles\lv6qbu68.default\extensions
[2012.05.18 14:36:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Horst Falch\AppData\Roaming\mozilla\Firefox\Profiles\lv6qbu68.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.06.16 11:20:25 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Horst Falch\AppData\Roaming\mozilla\Firefox\Profiles\lv6qbu68.default\extensions\toolbar@ask.com
[2012.04.17 21:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.23 10:09:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.23 20:11:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.23 10:09:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 10:09:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.23 10:09:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 10:09:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 10:09:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 10:09:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000..\Run: [MPATEN] C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll (Pgzkjbihy Onhugpjxhnm)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Horst Falch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{680700B6-0399-4F4F-BAA3-E06032E8987E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f2b1107a-7489-11df-9fc1-4061867ecbba}\Shell - "" = AutoRun
O33 - MountPoints2\{f2b1107a-7489-11df-9fc1-4061867ecbba}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.26 21:00:55 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.06.26 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.26 18:52:55 | 000,000,000 | ---D | C] -- C:\Users\Horst Falch\AppData\Roaming\Malwarebytes
[2012.06.26 18:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.26 18:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.26 18:52:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.26 18:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.26 18:42:21 | 000,000,000 | ---D | C] -- C:\Users\Horst Falch\Desktop\Rocketnews-Problem
[2012.06.16 12:33:51 | 000,155,648 | RHS- | C] (Pgzkjbihy Onhugpjxhnm) -- C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll
[2012.06.10 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\Horst Falch\AppData\Local\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.26 22:09:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.26 21:53:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.26 21:17:26 | 000,654,096 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.26 21:17:26 | 000,615,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.26 21:17:26 | 000,130,952 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.26 21:17:26 | 000,107,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.26 21:07:42 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 21:07:42 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 21:00:21 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.26 21:00:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.26 21:00:13 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 13:07:16 | 000,014,067 | ---- | M] () -- C:\Users\Horst Falch\Desktop\Documents\Renten.ods
[2012.06.16 12:33:51 | 000,155,648 | RHS- | M] (Pgzkjbihy Onhugpjxhnm) -- C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll
[2012.06.13 13:52:20 | 000,390,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.09 13:23:43 | 000,002,052 | ---- | M] () -- C:\Users\Horst Falch\AppData\Roaming\wklnhst.dat
[2012.06.01 21:39:10 | 000,015,818 | ---- | M] () -- C:\Users\Horst Falch\Desktop\Documents\e-on Waldeck .odt
 
========== Files Created - No Company Name ==========
 
[2012.06.01 21:35:43 | 000,015,818 | ---- | C] () -- C:\Users\Horst Falch\Desktop\Documents\e-on Waldeck .odt
[2012.02.15 02:19:38 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.02.15 02:19:38 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.02.15 02:19:38 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.02.15 02:19:38 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.02.15 02:19:38 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.02.15 02:19:38 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.02.15 02:19:38 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.02.15 02:19:38 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.02.15 02:19:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.02.15 02:19:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.02.15 02:19:38 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.02.15 02:19:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.02.15 02:19:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.02.15 02:19:38 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.02.15 02:19:38 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.02.15 02:19:38 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.02.12 17:57:51 | 000,003,584 | ---- | C] () -- C:\Users\Horst Falch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.12 17:57:39 | 000,003,764 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.02.12 17:57:39 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\1C0C51EE85.sys
[2011.07.01 13:44:12 | 000,000,000 | ---- | C] () -- C:\Users\Horst Falch\AppData\Local\{AF9324A6-B48B-4E37-B6B4-FDB5B215C616}
[2011.04.15 03:59:50 | 000,000,099 | ---- | C] () -- C:\Users\Horst Falch\AppData\Local\fusioncache.dat
[2010.11.11 11:17:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\io.ini
[2010.08.05 13:35:28 | 000,002,052 | ---- | C] () -- C:\Users\Horst Falch\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2011.03.03 10:20:00 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Atzy
[2012.02.15 02:25:44 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Epson
[2010.05.06 22:54:26 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\MAGIX
[2010.11.22 15:14:27 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\OpenOffice.org
[2010.09.27 12:33:53 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Smart Panel
[2011.03.01 19:08:41 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Sosyz
[2010.05.06 17:59:23 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\T-Online
[2010.09.30 14:26:32 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Template
[2010.05.24 08:50:09 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Windows Live Writer
[2012.05.28 17:11:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.07 11:16:23 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Adobe
[2010.05.18 14:38:48 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Apple Computer
[2011.03.03 10:20:00 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Atzy
[2012.02.16 17:10:45 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Avira
[2012.02.12 17:57:40 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Corel
[2010.12.04 17:07:07 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\CyberLink
[2012.02.15 02:25:44 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Epson
[2010.05.06 14:06:10 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Identities
[2011.08.12 22:47:24 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\InstallShield
[2010.05.06 14:06:33 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Intel Corporation
[2010.05.06 17:59:11 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Macromedia
[2010.05.06 22:54:26 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\MAGIX
[2012.06.26 18:52:55 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Media Center Programs
[2012.06.10 19:31:53 | 000,000,000 | --SD | M] -- C:\Users\Horst Falch\AppData\Roaming\Microsoft
[2010.05.18 15:03:00 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Mozilla
[2010.11.22 15:14:27 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\OpenOffice.org
[2010.09.27 12:33:53 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Smart Panel
[2011.03.01 19:08:41 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Sosyz
[2010.05.06 17:59:23 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\T-Online
[2010.09.30 14:26:32 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Template
[2012.05.23 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\U3
[2010.05.24 08:50:09 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2010.11.20 15:00:01 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Horst Falch\AppData\Roaming\Microsoft\Installer\{41B55736-84CD-42B0-8C49-1729B178EAE0}\NewShortcut1_41B5573684CD42B08C491729B178EAE0.exe
[2010.11.20 15:00:01 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Horst Falch\AppData\Roaming\Microsoft\Installer\{41B55736-84CD-42B0-8C49-1729B178EAE0}\NewShortcut3_41B5573684CD42B08C491729B178EAE0.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.02 13:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\drivers\iaStor.sys
[2009.10.02 13:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c08288e6bf102290\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
I'm really at a loss as to how to get rid of this again.
Many thanks in advance!

Kind regards,
Jogibub

27.06.2012, 12:06   #2
markusg
/// Malware-holic

hi

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
[2012.06.16 12:33:51 | 000,155,648 | RHS- | C] (Pgzkjbihy Onhugpjxhnm) -- C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll
O4 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000..\Run: [MPATEN] C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll (Pgzkjbihy Onhugpjxhnm)

 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Please close all programs now.
• Now click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!




Please press the Windows + E keys.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance



Download GetInfo:
File-Upload.net - GetInfo.exe
Double-click the .exe
A .txt file will now be created in the same folder:
summary-info.txt
Double-click it and post its contents.

27.06.2012, 17:35   #3
markusg
/// Malware-holic

Thanks, please also run the GetInfo file and post the log.

27.06.2012, 17:47   #4
Jogibub

Yes, I could have spotted the autostart entry myself, but sometimes you just can't see the forest for the trees.

I uploaded the zip file, but the folder was empty, so the file is too.

Here is the log from OTL:

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-893424397-1668057907-3998358512-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MPATEN deleted successfully.
File C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Horst Falch
->Flash cache emptied: 190100 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Horst Falch
->Temp folder emptied: 672243871 bytes
->Temporary Internet Files folder emptied: 71672822 bytes
->Java cache emptied: 5136243 bytes
->FireFox cache emptied: 1094337450 bytes
->Google Chrome cache emptied: 819568 bytes
->Apple Safari cache emptied: 11771904 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 317163443 bytes
RecycleBin emptied: 9061142 bytes
 
Total Files Cleaned = 2.081,00 mb
 
 
OTL by OldTimer - Version 3.2.53.0 log created on 06272012_175024

Files\Folders moved on Reboot...
File\Folder C:\Users\Horst Falch\AppData\Local\Temp\Brief Harburg 30.09 10  not found!

PendingFileRenameOperations files...
File C:\Users\Horst Falch\AppData\Local\Temp\Brief Harburg 30.09 10  not found!

Registry entries deleted on Reboot...
         
and here is the content of the GetInfo file:

Code:
ATTFilter
System volume information:	 dwHighDateTime = 0x1ca92db,dwLowDateTime = 0x838f5c08
System32:			 dwHighDateTime = 0x1ca042b,dwLowDateTime = 0xfb15659b
dwSerialNumber = 0xe89683d7
         
Many thanks, the problem seems to be solved.

Kind regards,
Jogibub

27.06.2012, 17:56   #5
markusg
/// Malware-holic

hi,
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

28.06.2012, 15:51   #6
Jogibub

Hi markusg,

thank you very much for continuing to offer me your help, but the problem is solved and I no longer have the computer with me.
Unfortunately I can no longer post the Combofix log for you.
You are welcome to close this thread as solved.

Kind regards,
Jogibub

29.06.2012, 18:13   #7
markusg
/// Malware-holic

The computer should still have been secured; as it is, it can get infected again.

04.07.2012, 10:09   #8
Jogibub

Hi markusg,

the securing is done with the help of Combofix?
Sorry for the late reply, I was very busy at work and had no head for this matter.

Kind regards,
Jogibub

04.07.2012, 14:02   #9
markusg
/// Malware-holic

No, further analysis with CF, then securing :-)

06.07.2012, 19:45   #10
Jogibub

Hi markusg,

here is the Combofix log:

Code:
ATTFilter
ComboFix 12-07-06.02 - Horst Falch 06.07.2012  20:25:34.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3063.2113 [GMT 2:00]
ausgeführt von:: c:\users\Horst Falch\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-06 bis 2012-07-06  ))))))))))))))))))))))))))))))
.
.
2012-07-06 18:30 . 2012-07-06 18:30	--------	d-----w-	c:\users\Horst Falch\AppData\Local\temp
2012-07-06 18:30 . 2012-07-06 18:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-27 15:50 . 2012-06-27 16:30	--------	d-----w-	C:\_OTL
2012-06-26 18:07 . 2012-06-26 18:07	--------	d-----w-	c:\program files\ESET
2012-06-26 16:52 . 2012-06-26 16:52	--------	d-----w-	c:\users\Horst Falch\AppData\Roaming\Malwarebytes
2012-06-23 08:09 . 2012-06-23 08:09	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-23 08:09 . 2012-06-23 08:09	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-19 09:09 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-19 09:09 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-19 09:09 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-19 09:09 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-19 09:09 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-19 09:09 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-19 09:09 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-19 09:09 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-19 09:09 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-10 17:31 . 2012-06-10 17:31	--------	d-----w-	c:\users\Horst Falch\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 12:09 . 2012-05-05 08:26	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-23 12:09 . 2011-05-14 09:59	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 21:28 . 2012-02-16 15:05	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-09 21:28 . 2012-02-16 15:05	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-06-23 08:09 . 2012-04-17 19:34	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18	1519824	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-04 7703072]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Horst Falch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R3 SipIMNDI;T-Online Dialerschutz VoIP Service;c:\windows\system32\DRIVERS\SipIMNDI.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 12:09]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-10 18:08]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-10 18:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Horst Falch\AppData\Roaming\Mozilla\Firefox\Profiles\lv6qbu68.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3360)
c:\program files\Epson Software\Easy Photo Print\EPTBL.dll
c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Zeit der Fertigstellung: 2012-07-06  20:39:35
ComboFix-quarantined-files.txt  2012-07-06 18:39
.
Vor Suchlauf: 7 Verzeichnis(se), 940.888.023.040 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 940.670.742.528 Bytes frei
.
- - End Of File - - 4F21730F3C81D6B93ED8D1FA46223E19
         

Old 06.07.2012, 19:50   #11
markusg
/// Malware-holic
 

Download CCleaner Standard:
CCleaner Download - CCleaner 3.20.1750
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save it as a txt file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not know, write "unknown".
Post the list.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
