Pests of all kinds and how to fight them: Getting the messages "Troj/JSRedir-HZ" and "MW:JS:JJ677"

04.10.2012, 23:11   #1
StefHei
 
Hello!

On some of the web pages I have put online, access is blocked with a message about the trojan "Troj/JSRedir-HZ". This only happens on my PC at my employer. At home, no such messages appear. An online scan of the web pages via "labs.sucuri.net" returns the following finding: "MW:JS:JJ677". To be sure that the cause does not lie with my home computer, I am posting the problem here.

Thanks in advance for taking on the problem!

1. Defogger found nothing
2. Malwarebytes (quick scan) found nothing either
3. OTL:

Code:
OTL logfile created on: 04.10.2012 23:07:41 - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,90% Memory free
4,24 Gb Paging File | 2,43 Gb Available in Paging File | 57,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 112,15 Gb Free Space | 25,17% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 11,03 Gb Free Space | 54,72% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.04 23:07:30 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.10.04 23:05:33 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
PRC - [2012.09.26 20:14:15 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012.09.09 16:06:47 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.08.08 17:36:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.06 11:41:48 | 001,823,160 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.09 19:20:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 19:20:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 19:20:27 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.11.11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.11.11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.28 14:48:58 | 000,974,848 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.03.30 17:44:58 | 001,324,008 | ---- | M] (Iminent) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe
PRC - [2011.01.22 16:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011.01.22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2010.04.30 13:47:28 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007.11.14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.04 23:05:33 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
MOD - [2012.10.04 22:02:21 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.10.04 22:02:21 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.06.18 21:10:41 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012.06.18 20:40:57 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.18 20:40:39 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.15 19:15:11 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.28 10:04:13 | 005,457,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\2c3e80bf92ccaab8fa9102919c60e419\System.Xml.ni.dll
MOD - [2012.05.28 10:04:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ac40d23be2c4ad58c8d22eca5a8297f1\System.Configuration.ni.dll
MOD - [2012.05.14 08:21:49 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.02.12 20:49:06 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.02.12 20:49:06 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.11.11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.11.11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.08.12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.08.12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.08.12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.08.12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011.04.19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011.04.19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011.03.30 17:45:12 | 000,016,360 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll
MOD - [2011.03.30 17:45:06 | 000,236,520 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Windows.dll
MOD - [2011.03.30 17:45:06 | 000,218,600 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Workflow.dll
MOD - [2011.03.30 17:45:04 | 001,869,288 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Services.dll
MOD - [2011.03.30 17:45:02 | 000,041,960 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Business.TinyUrl.dll
MOD - [2011.03.30 17:45:00 | 000,337,896 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Booster.UI.dll
MOD - [2011.01.22 16:57:54 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.09 16:06:47 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.09.03 19:32:45 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 19:20:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 19:20:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.01.22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.02.29 23:12:12 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008.02.22 14:34:57 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DIAGNOSE\WSTGER\uxddrv.sys -- (uxddrv)
DRV - [2012.10.04 22:55:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.05.09 19:20:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 19:20:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011.08.19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011.03.31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011.03.16 22:42:02 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2011.03.04 19:27:19 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.04 19:27:18 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.01.22 16:58:24 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eufs.sys -- (EUFS)
DRV - [2011.01.22 16:58:22 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011.01.22 16:58:20 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011.01.22 16:58:18 | 000,188,296 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.03.12 19:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2010.01.25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.01.29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.12.14 04:28:00 | 008,244,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.10.01 20:54:44 | 000,419,344 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SkyNET.sys -- (SKYNET)
DRV - [2007.09.21 11:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2a21be620000000000000008c9a0638c&tlver=1.4.19.19&affID=17160
IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{51DD28B5-EACA-4F35-B291-9C25A2E55699}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www27.yoog.com/search.php?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.20 18:11:53 | 000,000,000 | ---D | M]
 
[2011.04.01 23:15:34 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2010.12.22 00:26:09 | 000,427,674 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14729 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuse.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663 (MUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Unable to open value key)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B37002-36E9-4A77-9DC4-D081363E3413}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F590491-063E-4E74-978F-82A33451A8F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F076153C-EE15-41C0-8EB0-C3697B4B3D66}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 23:07:28 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.04 23:05:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\10_2012
[2012.10.04 22:55:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.10 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 23:07:30 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.04 23:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.04 23:05:48 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.04 23:05:33 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.10.04 22:55:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.04 22:52:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\Packard Bell Data Secure for ***.job
[2012.10.04 22:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.04 22:06:16 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.04 22:06:16 | 000,607,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.04 22:06:16 | 000,131,710 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.04 22:06:16 | 000,108,644 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.04 21:59:58 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.04 21:59:50 | 000,604,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.04 21:59:50 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 21:59:50 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 21:59:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 21:58:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.04 21:34:49 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.26 20:34:01 | 000,100,864 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 20:36:36 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.04 23:05:48 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.04 23:05:28 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.09.06 20:36:36 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.20 17:35:13 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 08:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.13 14:24:53 | 000,038,446 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.04.04 19:15:27 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2011.04.04 19:15:23 | 000,000,016 | -H-- | C] () -- C:\Users\***\mxfilerelatedcache.mxc2
[2011.03.16 22:43:07 | 000,000,098 | ---- | C] () -- C:\Windows\Videodeluxe.INI
[2011.03.13 14:33:00 | 000,000,032 | ---- | C] () -- C:\Windows\System32\EUOD.DAT
[2011.03.04 19:11:40 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.04 19:11:37 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.01.23 15:19:04 | 000,038,426 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.01.20 19:02:49 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.24 11:55:29 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010.09.29 23:29:14 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.09.27 21:44:34 | 000,006,138 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.08.22 16:45:41 | 000,139,152 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2009.11.09 22:26:45 | 000,038,425 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2009.01.24 20:01:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.13 02:15:46 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Default.PLS
[2008.07.12 18:18:53 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.04.02 16:00:56 | 000,000,557 | ---- | C] () -- C:\Users\***\AppData\Roaming\TheLastRipper.xml
[2008.03.15 20:55:36 | 000,100,864 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.22 21:34:03 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.22 14:44:08 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.29 15:45:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2009.05.03 17:24:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2008.07.06 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCON Installer
[2011.04.14 17:32:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2010.09.27 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2011.11.19 11:00:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Byotov
[2008.04.13 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.11.26 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cock
[2011.01.20 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Codecd3d
[2011.07.22 14:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2008.02.25 23:30:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2009.01.13 14:23:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crystal Player
[2012.10.04 22:02:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.07.10 14:15:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.05.29 14:39:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.28 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FarmingSimulator2008
[2008.09.03 17:51:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fotobuch.de AG
[2009.04.25 10:05:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Monitor for Google
[2011.04.01 23:23:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011.01.26 00:02:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Itsth
[2010.11.21 18:58:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2012.08.04 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.11.20 20:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.01.09 23:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LimeWire
[2011.07.22 14:39:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.01.26 00:32:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2008.04.16 15:02:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NewSoft
[2010.03.15 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc
[2008.04.13 20:12:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2008.12.31 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux
[2010.10.03 22:33:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SMSout
[2008.08.06 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sonavis
[2010.07.31 20:47:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SuperMailer
[2008.07.12 18:18:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2008.09.17 21:13:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVcentral-Core
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2011.11.18 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Upur
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 04.10.2012 23:07:41 - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,90% Memory free
4,24 Gb Paging File | 2,43 Gb Available in Paging File | 57,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 112,15 Gb Free Space | 25,17% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 11,03 Gb Free Space | 54,72% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0201F59C-2A42-4168-B6B3-0742E5C310B9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0C374FB5-C899-43F0-8440-CEF2C997466A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1518B4B1-47F0-454E-870F-A83E43BB0003}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{16CA8772-9CFC-4479-AB82-F3D0EDB737DE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1AAFA3D1-57AC-45D2-B1EC-0E67FE66E630}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1F6033E4-9018-4FFD-9DE0-AB3C2B32C051}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1F7A2B43-39B1-4595-9BD3-E9DF6500598B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{22E5DAEB-6EF8-4768-9FE9-02A3C9CF0BD0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{239A7D70-29B6-4EFE-A9DD-E931FEF69E24}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3093077A-A4DA-446A-B8A6-56926CE9987D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{327B40F8-3A96-41DD-98EF-975A84E152E0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{32DA4576-3502-4566-A3F7-20C9D8BE930C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{43AC3E41-E303-413C-85B8-0575B0532089}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5A22D451-B80E-444F-BD57-CF3659A1AD5E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{64DD3AA3-6C78-468F-8C19-062A97787F6D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{6C7ABAEA-94EC-4F40-A78E-F2E7FF53D3EC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{6D4368A2-515B-4932-B719-1184C7752B63}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{6F30EEAC-6DBD-40E4-9596-39696C3F6C39}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{715CA0D4-A98F-401B-AC78-89ECBDB349D3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{74808D74-C2BD-4A44-AC30-791CD7B9F552}" = lport=139 | protocol=6 | dir=in | app=system | 
"{74DA62FC-0629-4CA1-8A0F-3292C621547D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{76021415-672B-4BCA-B811-AC4BD3D956FB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{76BB8A26-5137-4959-91DE-A544DE014778}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7951D290-6C16-4660-AA11-BE856F384E45}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7D9972D8-4A7D-4060-9BCD-BAB3A90EAEE9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7F51410D-E049-4FCF-99EE-85CF9E5E2E70}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{8446FBC6-5150-4991-93EC-2EC0AD81ED96}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{87E96F97-35F1-41E9-B390-7949D1AADBEA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{8A2810D4-2EE8-4E4C-8BD0-FE761B7D7D28}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{90119939-426B-49D7-97BC-0DAC63F39D81}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{96D3B22B-7AB5-4ECA-BB09-B0B3AFF16731}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ABE7A324-DFA9-488A-9D24-30BE2C720CCD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BAAAAAD3-4046-4A38-8385-980E90373444}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{BEA55080-9409-4E50-A6EF-F28CE67A7FA6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C104868A-E41F-430A-9A0E-71F1C19D55E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD8C93B5-C428-4F8F-927B-D47E4C143769}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DE171572-4743-471A-8A63-D11154E857C8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EC7832DF-1DED-4986-8BDA-95898C853F85}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F1DDFF17-B9F2-4235-B371-141B01438809}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FC58C0F7-580D-431C-9D23-11321A42056D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FDF1D35E-458B-4BC7-83F5-B651D7D99EC9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FDF91233-0723-477B-BD79-CBF101054E7E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D254ED-9826-4CF1-ACD8-D1732D481C7A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{08488E07-A207-42AB-8C3C-6234D4396596}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0BE04582-A3D0-4724-B1D1-18F701998C19}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{11320A4E-C369-4050-9037-652326A3953B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{15AD1714-57F8-45D4-BB36-38FB0005CA13}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{17928989-23AD-45A1-B328-F4E7B48D9D42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{180BC910-87AD-4BE4-9CF0-4CD1A942FE0E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1C29A5E9-1F6B-4E23-801C-EA30A51E1972}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1C37DE41-E3BF-427A-9BE5-6ECA3FAE25FB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1D5A908B-8BFA-4831-A11F-3D1430B9C6D7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2825FD05-8E9E-4F6B-991E-5CFEEA5F841E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2E46EB3C-480D-4D0E-AF80-572C3B12DE95}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2EC05C3B-AF24-4E33-BFFE-7081C60BF964}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2EDF8A3C-2FCF-40D4-8DBB-3DEBD09C146C}" = protocol=6 | dir=in | app=c:\program files\lgnas\nasdetector\nasdetector.exe | 
"{2FFBBAFD-24F9-491A-9C9B-5C53047559C5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{36AB7289-69E8-4406-9ACB-D849CBC89157}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{395C9D7B-C4AC-454E-A9C9-A27ED810A8B6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3CDFB4C1-B800-4D04-B0AE-36EFC87CB051}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3D8EA1C3-8B1D-4F13-B5E2-ED0336057A24}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3F95A07C-1F03-4610-A52B-9F5856D9DFC8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4130BA16-172C-4907-9EAD-6444ECE778FC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{41CB5248-31AC-40D4-B543-E959845B6369}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{4223D670-0C76-493C-97FC-48EDAD66CD39}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{42C4C4AB-ED99-4011-B9A9-0F6C60630F1C}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{436C73AB-F50A-42DC-909C-357E7BACD274}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4A6A6F1F-946A-475C-92C2-04682888C7A9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4B126F9E-065A-470F-9C57-52CB0D311214}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4BE09AE3-8CEA-4D5A-83F6-9B259977B5A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4C920248-1C27-42F6-A992-8940750818D0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4EDAAC79-8CE8-4EDC-89B4-5A453A79A54C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5296BD95-B0C9-41C8-892E-4EBDD6228956}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{55769CE4-6FD5-4D49-AA8A-2F6497F362AC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5FE68731-57D6-4BBE-A189-4CDD3DEB8EA4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{637E056F-BB80-44AA-83D0-18D13BC5D005}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6A7CB09F-4801-48DC-BAFA-6BD594F30F17}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6D6E7386-1D55-459D-928F-B099D1F5CDD8}" = protocol=6 | dir=in | app=c:\program files\iminent\imbooster\imbooster.exe | 
"{6F3ECAFA-4177-48A7-94A8-6B6DAE4F9A2E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7011A1BC-C5F3-4374-81B3-81493CD9B1C5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{705A9499-0508-4DB6-A0DA-B07CB757CB71}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{712F08D0-B161-4F7E-B97A-01B05C400584}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7329836A-FF09-48A1-85E6-9FCE61342786}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{74DC73B1-AEAB-46BE-AF7B-9676ADA91C79}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{75D38908-D88F-4BCD-8673-ACBA9F14C821}" = protocol=6 | dir=out | app=c:\program files\iminent\mmserver\iminent.mmserver.exe | 
"{79B7172D-5A63-4FD2-A06D-789F731AABD2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7BE8CB32-F8AF-44F9-9EB4-CA3F3D28B706}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7C352E82-A9AE-4161-A086-6A7FDB17CB58}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{82CCB4E1-227E-431E-8A38-6A6F97BE8229}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8365281E-FE34-4F34-ACFC-BB8639624FBE}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8A7CBBDB-F778-4169-9CF9-06BE3DB69BB1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8AAAE017-0EEE-4EFE-BEE9-AD38B6809B3F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8F8628ED-03FB-459A-9828-7FAF30B5029F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{8FEA870F-A015-41D5-B12C-B48681121F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{90CFDA12-EC19-4C9C-93BD-4D5F0DF0B93C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{91279B02-AC12-4F1E-9045-79C9BDED63A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9170DEBD-144B-42BF-92FB-5492B0B97876}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{92DAADF2-E286-41EA-AD09-4CE91022D5AF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{977C7884-AED8-430E-9144-1338B53EBDAC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{98C48465-0D56-46F2-AFBA-4F1826F61E23}" = protocol=17 | dir=in | app=c:\program files\lgnas\nasdetector\nasdetector.exe | 
"{9B0936E0-523C-4AB4-982B-4BB8AC559731}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9CC6AE99-3770-4BD5-ABE1-8B0C4E4DCB8A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9F4A847F-D43B-42E3-AD21-5688C065B128}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{A1CC2240-AEF8-4204-B042-CD1095CC280D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{A25973C6-12CF-4C19-AF17-86BDFB75B5B8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A3732A94-E176-4A4F-B187-D744E879CF77}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{A76CDABD-2FB8-43DE-80E2-B8BD9FC372FD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A8109008-5F0E-46FF-9DAC-D1CBCEFC9376}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A90B3C99-CF4F-4544-835B-9E8BDA060145}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{A9DBA0F3-E2BF-4D3F-9A76-39C9A0947EBB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AC3A0640-F4C2-4B7E-B8B4-413A71852736}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AC9635B3-D98E-4D91-8B97-2CD66B5783E8}" = protocol=6 | dir=out | app=c:\program files\iminent\imbooster\imbooster.exe | 
"{B1747447-BF0E-422B-B6B7-E4A8E68AF401}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B2853FF3-0A8E-43D7-8CC4-3219CF3221C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B40D92F6-73DA-4845-BCCB-426269BC6EEC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B628B371-F445-49D8-B181-97125F42E99E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BAB63DAB-B2DE-4371-AE2E-135634F56F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BC894A4C-B3BD-4CB5-9063-20D69D9E44FA}" = protocol=6 | dir=in | app=c:\program files\iminent\mmserver\iminent.mmserver.exe | 
"{C2E53F8F-64CD-49C6-8D66-3CDF0F739606}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C2E57F66-7940-429E-8FF5-CBF18FB5B1E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C3A4033A-3F0F-419C-ACE5-BEC637D3D1DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C58D1DCD-EE4E-4840-8553-81311D85DC70}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C663D907-5F36-46D4-891B-2F9126AD1BE8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C6D3DF86-C56D-4A0D-A9B7-451108644B9E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CCA07642-C99D-461B-990F-A2E81292271F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CDE31234-C3CC-45AB-BAF1-08B2356C4393}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D089D7B7-95C5-4821-8AB4-9D5021A0F7C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D2A238BA-6013-4A05-A7DF-2F8EDC0ED6CF}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{D3EF62A3-F4B2-4A3C-AC80-B64A40991BF1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D565D3CA-4C44-4462-98CD-C71E9E5292B0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D8286C37-31A3-456B-96E7-51C01B820700}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D9B3EA17-0C0D-45BD-8AF6-4EA77EA2F314}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DC69D7D6-C91D-4829-87D1-360A048FD903}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DF221089-7BD5-46C6-A634-E80D1DF92CE5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E635663D-12F6-4FC4-8DC2-12AA1BBF5A15}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E8B60ED1-4A67-43E2-A373-8193F101C35E}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E8B6F1F3-99E0-471C-8124-940E991DDC39}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EB48FF3E-C256-4C0E-9594-FDB88D9D3E50}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{F1101A87-0E34-472D-8164-19D1ADF188E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{F1CE6CA0-8BDB-4DFA-BBA9-872AA517DDC0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F315DCD3-0B59-4F42-9BE3-B66552AAA5F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F6548B0C-5362-4354-AF36-28E59F03792C}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{F66CB2D4-D35C-45CD-8E6F-E2EC92917714}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F96A2944-D4AF-453E-A674-38E75BBA035C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FAE6C358-C4A9-4B18-92D4-4665779AE73D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FC52596E-010B-41B6-81A0-33F919895C11}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{10ECA3A8-B5F2-4F81-8B66-DBF220F8976F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{3B497CA2-34F2-46FD-825C-CDD8F6340BFB}C:\team17\worms2\frontend.exe" = protocol=6 | dir=in | app=c:\team17\worms2\frontend.exe | 
"TCP Query User{412001A3-3FF8-428D-8B53-A4274F1BA699}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{4EDC2E1F-8DE3-46B4-90CB-19CCF9D2B712}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{4EF09714-D2F2-4879-9159-F27352479B1C}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{549B736E-6DC4-4FD9-BBB2-1B6752134463}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{65DAC3FB-121F-467F-9330-896576A5A7FF}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{81C149D8-EEB4-426C-AC3C-9799CABC53E2}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{B67DBBF1-ACE6-4D5E-BE22-3BBEB8B1037D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{C42D7F3E-7804-4177-8A1C-0940A55A7379}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe | 
"TCP Query User{CF8E1166-9340-4BA5-BBD1-3DDDAA12375C}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{D01091A6-C9CC-4242-BC86-3899BCA700A7}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | 
"TCP Query User{D33545E8-764C-4394-AFED-5AC272B6F744}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{E43557DA-AF16-421B-A49A-415280A38953}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{EB6A1FF4-4C10-49E9-ACF9-B57380E9C389}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{ED9E25E4-1781-49F9-B0B6-43F5300E3B25}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{01E375B9-E3CB-460A-B3A6-27EE354E1077}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe | 
"UDP Query User{0683E01C-8237-41D2-A849-0EE87465F524}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{11730B34-FDDE-4A85-AFA0-DEC333F78C5B}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | 
"UDP Query User{1D131489-9A37-40E8-872C-75D3246BFD3A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{377AA072-31ED-4073-86F2-4065960F001E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{3CAB603B-C142-47B7-B07A-17AC38774F05}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{437BE1CB-487A-434B-B399-FE4C0403B89D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{4FF3F819-CF78-4F6C-B58F-7924EBFEE8DA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{5001422C-26EE-4188-8334-0DC78F453230}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{55862774-3A6E-498E-B9A1-AD30B2581E67}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{724EED51-F6B8-4BA0-A49D-F1675AB8C270}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{A9AFE218-0C4C-412B-B84D-041C5A8E47BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{AEF77A85-1C1D-4899-A3D6-8FE8D0556E34}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D4B910B3-336E-4C74-90B6-D9D4BCC516CD}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{E7585E13-A285-46CD-A494-941D998BC189}C:\team17\worms2\frontend.exe" = protocol=17 | dir=in | app=c:\team17\worms2\frontend.exe | 
"UDP Query User{EB8BAD84-C0C5-4E17-8511-E5E5EC731E90}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{241E9E85-7173-4AEC-9EE4-82A205EE6075}" = Application Suite
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59DC43FF-8F26-40B2-A566-C69C9457BF7D}" = Moorhuhn Soccer
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81388290-5DFA-493E-83D6-244B652DE5AA}" = LG NASDetector
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DBDBDAB-E729-451E-A7A7-858607C08E98}" = zacman for smartphone (arm/xscale)
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A05BD6BC-4710-402C-8BF3-B72A09119AE5}" = Doodle Outlook Plugin
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-12-16
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BFEDA49F-2E91-4B54-A366-F5A198FE1173}" = DVB-PC TV Star
"{C35CCBEB-5A54-4DD8-9EC8-110F2A8154B3}" = Motorola Mobile Drivers Installation 5.1.0
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4BA029E-0303-48D2-B9F9-2763D468DC64}" = MainConcept DTV Decoder Standard
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E38DA569-3CC2-4E9A-BAE2-77D9295DE734}" = Motorola Software Update
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.22
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F33D9B-49B4-4D17-B1D9-CA16E9E65062}" = Iminent
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.4.2
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudioCon" = AudioCon
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"AudioNoise_is1" = AudioNoise 1.3.2
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Bagger-Simulator 2008" = Bagger-Simulator 2008
"Bounty Hunter 2099 Pinball" = Bounty Hunter 2099 Pinball
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Catan - Das Kartenspiel MMP" = Catan - Das Kartenspiel MMP
"Catan Online Welt" = Catan Online Welt
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CodeWallet Pro 2006 Desktop Companion" = CodeWallet Pro 2006 Desktop Companion
"CodeWallet Pro 2006 for Windows Mobile" = CodeWallet Pro 2006 for Windows Mobile
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Designer 2.0_is1" = Designer 2.0
"Digital Image Recovery_is1" = Digital Image Recovery 1.47
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"DVBViewer_is1" = DVBViewer Technisat Edition
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EASEUS Todo Backup Home 2.0_is1" = EASEUS Todo Backup Home 2.0
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FarmingSimulator2008_is1" = Landwirtschafts Simulator 2008
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.1.3.1117
"Free Monitor for Google_is1" = Free Monitor for Google 2.4
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.6.221
"Free Video Dub_is1" = Free Video Dub version 2.0.0.1117
"Free Video to Android Converter_is1" = Free Video to Android Converter version 2.2.17.324
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.6.221
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.19.324
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IMBoosterARP" = Iminent
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"MAGIX Foto Clinic 5.5 D" = MAGIX Foto Clinic 5.5 (D)
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service (D)
"MAGIX Video deluxe 2007 PLUS D" = MAGIX Video deluxe 2007 PLUS (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MotoHelper" = MotoHelper 2.0.46 Driver 5.0.0
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"ResInfo" = WR-Tools ResInfo
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"Rossmannr Online Print Wizard Installer_is1" = Rossmann Online Print Wizard Installer 1.0
"Scriptdoc" = Windows Script V5.6 Dokumentation
"Searchqu Toolbar" = Searchqu Toolbar
"SuperMailer" = SuperMailer 5.00
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Vistumbler" = Vistumbler
"VLC media player" = VLC media player 1.1.8
"WhisRaider" = WhisRaider
"Windows Mobile Device Handbook" = Windows Mobile-Ressourcen
"Worms2" = Worms2
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.09.2012 21:00:22 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 24.09.2012 14:05:19 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1594  Anfangszeit: 01cd9a7f1da19fe0  Zeitpunkt
 der Beendigung: 30
 
Error - 28.09.2012 09:54:48 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 28.09.2012 13:21:55 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.350.10, Zeitstempel 0x503d64cb,
 fehlerhaftes Modul nvoglv32.dll, Version 7.15.11.6926, Zeitstempel 0x4761b346, 
Ausnahmecode 0xc0000005, Fehleroffset 0x0034617a,  Prozess-ID 0x1478, Anwendungsstartzeit
 01cd9d93315fa618.
 
Error - 29.09.2012 06:31:28 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.350.10, Zeitstempel 0x503d64cb,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode
 0xc0000005, Fehleroffset 0x00067967,  Prozess-ID 0x17c0, Anwendungsstartzeit 01cd9e2cc13cdcf5.
 
Error - 29.09.2012 06:36:13 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.350.10, Zeitstempel 0x503d64cb,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode
 0xc0000005, Fehleroffset 0x00068851,  Prozess-ID 0x1398, Anwendungsstartzeit 01cd9e2d9b9a8145.
 
Error - 29.09.2012 06:58:24 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.350.10, Zeitstempel 0x503d64cb,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode
 0xc0000005, Fehleroffset 0x00041caf,  Prozess-ID 0x10e4, Anwendungsstartzeit 01cd9e2e4ae16295.
 
Error - 01.10.2012 14:55:53 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 528  Anfangszeit: 01cda00640f20070  Zeitpunkt
 der Beendigung: 31
 
Error - 01.10.2012 16:00:14 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 01.10.2012 16:00:14 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ OSession Events ]
Error - 13.11.2009 15:57:09 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 127
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 10.08.2010 17:24:37 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.10.2010 13:03:25 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 380
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 05.01.2011 17:29:30 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 142
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 27.05.2012 06:54:19 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 153
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.08.2012 17:15:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.08.2012 01:34:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 19.08.2012 09:12:04 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.09.2012 06:29:18 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.09.2012 15:14:29 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.09.2012 15:19:48 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 13.09.2012 15:19:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.09.2012 15:19:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.09.2012 13:41:52 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.10.2012 15:58:01 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
4. GMER aborts with an error

Alt 05.10.2012, 08:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all of the items Malwarebytes finds, so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove ANYTHING from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Alt 05.10.2012, 19:14   #3
StefHei
 



Thanks for the reply ;-)

Malware found something:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.05.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

05.10.2012 16:43:37
mbam-log-2012-10-05 (20-04-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 545395
Laufzeit: 3 Stunde(n), 1 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\DVBViewerTE\SkystarIR.exe (Spyware.Zbot) -> Keine Aktion durchgeführt.

(Ende)
         
Older log files:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.06.12

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]

06.08.2012 22:00:23
mbam-log-2012-08-06 (22-00-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 527403
Laufzeit: 2 Stunde(n), 56 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]

22.07.2012 14:08:52
mbam-log-2012-07-22 (14-08-52).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 1
Laufzeit: 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]

08.02.2012 19:09:09
mbam-log-2012-02-08 (19-09-09).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 527291
Laufzeit: 2 Stunde(n), 53 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
I have more, if wanted!

And here is the ESET log as well:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
         
And the result:

Code:
C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll	a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe	a variant of Win32/Toolbar.SearchSuite.A application
C:\Program Files\Searchqu Toolbar\Datamngr\DnsBHO.dll	a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll	Win32/Toolbar.SearchSuite application
Operating memory	multiple threats
         

Alt 06.10.2012, 20:00   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search ("Suche").
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Alt 06.10.2012, 21:19   #5
StefHei
 



OK, here it is!

Code:
# AdwCleaner v2.003 - Datei am 10/06/2012 um 22:19:18 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Stefan - STEFAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Program Files\Iminent
Ordner Gefunden : C:\Program Files\Searchqu Toolbar
Ordner Gefunden : C:\ProgramData\Iminent
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gefunden : C:\Users\Alexandra\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Alexandra\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Alexandra\AppData\LocalLow\Searchqutoolbar
Ordner Gefunden : C:\Users\Marek\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Marek\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Marek\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Marek\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Mika\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Mika\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Mika\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Stefan\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\Searchqutoolbar

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Schlüssel Gefunden : HKCU\Software\AppDataLow\HavingFunOnline
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKCU\Software\pdfforge.org
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\Software\ilivid
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\Software\pdfforge.org
Schlüssel Gefunden : HKLM\Software\SearchquMediabarTb
Schlüssel Gefunden : HKLM\Software\SweetIm
Schlüssel Gefunden : HKU\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKU\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gefunden : HKU\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [9799 octets] - [06/10/2012 22:19:19]

########## EOF - C:\AdwCleaner[R1].txt - [9859 octets] ##########
         


Alt 07.10.2012, 07:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete ("Löschen").
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Alt 07.10.2012, 07:57   #7
StefHei
 



Good morning ;-)

Code:
# AdwCleaner v2.003 - Datei am 10/07/2012 um 08:52:29 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Stefan - STEFAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\Program Files\Iminent
Ordner Gelöscht : C:\Program Files\Searchqu Toolbar
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\Users\Alexandra\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Alexandra\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Alexandra\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Marek\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Marek\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Marek\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Marek\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Mika\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Mika\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Mika\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Stefan\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Stefan\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Stefan\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Stefan\AppData\LocalLow\Searchqutoolbar

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Schlüssel Gelöscht : HKCU\Software\AppDataLow\HavingFunOnline
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\pdfforge.org
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\Software\ilivid
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\Software\pdfforge.org
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\Software\SweetIm
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[R1].txt - [9928 octets] - [06/10/2012 22:19:19]
AdwCleaner[S1].txt - [9821 octets] - [07/10/2012 08:52:29]

########## EOF - C:\AdwCleaner[S1].txt - [9881 octets] ##########
         

Alt 07.10.2012, 09:18   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I have three questions before we continue (we're not finished yet!)

1.) Does Windows' normal mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
3.) Are the ad pop-ups or redirects such as Incredibar or Mystart gone now?

Alt 07.10.2012, 10:41   #9
StefHei
 



Gladly!

Re 1) The mode worked before and still works without restrictions now.

Re 2) The Start menu looks fine. No empty folders to be seen either.

Re 3) I didn't have anything like that, at least not that I was aware of. I would certainly have noticed it, though. My problem is rather the "infection" of my websites. It would also be important to me to know how I should proceed at the end. Delete the files on the host and upload the local files, or what?

Here once more is the virus message shown when the websites are opened:

Quote:
WARNING: ProxyAV has detected a virus/PUS in this file!

File has been dropped.

[..]

Antivirus Vendor: Sophos, Plc.
Scan Engine Version: 3.35.1
Machine name: AVHB02
Virus/PUS: "Troj/JSRedir-HZ" found!

Alt 07.10.2012, 18:53   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box next to Scan All Users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Alt 07.10.2012, 20:08   #11
StefHei
 



OK!

Code:
ATTFilter
OTL logfile created on: 07.10.2012 20:46:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,34% Memory free
4,24 Gb Paging File | 3,34 Gb Available in Paging File | 78,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 111,73 Gb Free Space | 25,07% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 11,03 Gb Free Space | 54,72% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.07 20:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
PRC - [2012.09.09 16:06:47 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012.08.08 17:36:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.09 19:20:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 19:20:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 19:20:27 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.11.11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.28 14:48:58 | 000,974,848 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.01.22 16:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011.01.22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007.11.14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.11.11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.08.12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.08.12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.08.12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.08.12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011.04.19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011.04.19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011.01.22 16:57:54 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.09 16:06:47 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.09.03 19:32:45 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 19:20:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 19:20:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.01.22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.02.29 23:12:12 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008.02.22 14:34:57 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DIAGNOSE\WSTGER\uxddrv.sys -- (uxddrv)
DRV - [2012.05.09 19:20:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 19:20:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011.08.19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011.03.31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011.03.16 22:42:02 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2011.03.04 19:27:19 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.04 19:27:18 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.01.22 16:58:24 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eufs.sys -- (EUFS)
DRV - [2011.01.22 16:58:22 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011.01.22 16:58:20 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011.01.22 16:58:18 | 000,188,296 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.03.12 19:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2010.01.25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.01.29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.12.14 04:28:00 | 008,244,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.10.01 20:54:44 | 000,419,344 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SkyNET.sys -- (SKYNET)
DRV - [2007.09.21 11:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..\SearchScopes,DefaultScope = {51DD28B5-EACA-4F35-B291-9C25A2E55699}
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..\SearchScopes\{51DD28B5-EACA-4F35-B291-9C25A2E55699}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www27.yoog.com/search.php?q={searchTerms}
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stefan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.20 18:11:53 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010.12.22 00:26:09 | 000,427,674 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14729 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk =  File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuse.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663 (MUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B37002-36E9-4A77-9DC4-D081363E3413}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F590491-063E-4E74-978F-82A33451A8F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F076153C-EE15-41C0-8EB0-C3697B4B3D66}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe - (TechniSat Digital, S.A.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: TrayServer - hkey= - key= - C:\MAGIX\Video_deluxe_2007_PLUS\Trayserver.exe (MAGIX AG)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.MKVC - C:\Windows\System32\KMVIDC32.DLL ()
Drivers32: vidc.VSPX - C:\Windows\System32\vspxvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.07 20:45:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.10.05 20:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.04 23:05:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\10_2012
[2012.09.10 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 20:48:21 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.07 20:48:21 | 000,607,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.07 20:48:21 | 000,131,710 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.07 20:48:21 | 000,108,644 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.07 20:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.10.07 20:41:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.07 20:41:41 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 20:41:41 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 20:41:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 11:42:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.06 22:18:59 | 000,513,501 | ---- | M] () -- C:\Users\Stefan\Desktop\adwcleaner.exe
[2012.10.05 23:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.05 22:30:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.04 23:22:04 | 000,302,592 | ---- | M] () -- C:\Users\Stefan\Desktop\vmnl35d1.exe
[2012.10.04 23:05:48 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2012.10.04 23:05:33 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2012.10.04 22:52:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\Packard Bell Data Secure for Stefan.job
[2012.10.04 21:59:50 | 000,604,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.04 21:34:49 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.26 20:34:01 | 000,100,864 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.06 22:18:54 | 000,513,501 | ---- | C] () -- C:\Users\Stefan\Desktop\adwcleaner.exe
[2012.10.04 23:22:02 | 000,302,592 | ---- | C] () -- C:\Users\Stefan\Desktop\vmnl35d1.exe
[2012.10.04 23:05:48 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2012.10.04 23:05:28 | 000,050,477 | ---- | C] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2011.11.20 17:35:13 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 08:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.13 14:24:53 | 000,038,446 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.04.04 19:15:27 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2011.04.04 19:15:23 | 000,000,016 | -H-- | C] () -- C:\Users\Stefan\mxfilerelatedcache.mxc2
[2011.03.16 22:43:07 | 000,000,098 | ---- | C] () -- C:\Windows\Videodeluxe.INI
[2011.03.13 14:33:00 | 000,000,032 | ---- | C] () -- C:\Windows\System32\EUOD.DAT
[2011.03.04 19:11:40 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.04 19:11:37 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.01.23 15:19:04 | 000,038,426 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.01.20 19:02:49 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.24 11:55:29 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010.09.29 23:29:14 | 000,000,680 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat
[2010.09.27 21:44:34 | 000,006,138 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\mdbu.bin
[2010.08.22 16:45:41 | 000,139,152 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\PnkBstrK.sys
[2009.11.09 22:26:45 | 000,038,425 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2009.01.24 20:01:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.13 02:15:46 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Default.PLS
[2008.07.12 18:18:53 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wklnhst.dat
[2008.04.02 16:00:56 | 000,000,557 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\TheLastRipper.xml
[2008.03.15 20:55:36 | 000,100,864 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.22 21:34:03 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.22 14:44:08 | 000,000,094 | ---- | C] () -- C:\Users\Stefan\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.09.07 17:42:50 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Canon
[2008.09.03 21:33:59 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\fotobuch.de AG
[2010.11.21 12:45:37 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Juniper Networks
[2012.09.29 15:45:40 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft
[2009.05.03 17:24:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Amazon
[2008.07.06 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Installer
[2011.04.14 17:32:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\avidemux
[2010.09.27 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Buhl Data Service GmbH
[2011.11.19 11:00:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Byotov
[2008.04.13 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Canon
[2010.11.26 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\cock
[2011.01.20 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Codecd3d
[2011.07.22 14:44:13 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2008.02.25 23:30:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CoSoSys
[2009.01.13 14:23:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Crystal Player
[2012.10.07 20:42:25 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2012.07.10 14:15:48 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2011.05.29 14:39:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.28 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FarmingSimulator2008
[2008.09.03 17:51:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\fotobuch.de AG
[2009.04.25 10:05:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Free Monitor for Google
[2011.04.01 23:23:30 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GetRightToGo
[2011.01.26 00:02:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Itsth
[2010.11.21 18:58:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Juniper Networks
[2012.08.04 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\kock
[2011.11.20 20:06:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Leadertech
[2010.01.09 23:16:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LimeWire
[2011.07.22 14:39:11 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MAGIX
[2011.01.26 00:32:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MyPhoneExplorer
[2008.04.16 15:02:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NewSoft
[2010.03.15 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Pegasys Inc
[2008.04.13 20:12:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ScanSoft
[2008.12.31 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skinux
[2010.10.03 22:33:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SMSout
[2008.08.06 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sonavis
[2010.07.31 20:47:15 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SuperMailer
[2008.07.12 18:18:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Template
[2008.09.17 21:13:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TVcentral-Core
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\UAs
[2011.11.18 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Upur
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.29 15:45:40 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft
[2011.07.22 14:56:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Adobe
[2009.05.03 17:24:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Amazon
[2012.06.15 18:32:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ArcSoft
[2008.07.06 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Installer
[2011.04.14 17:32:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\avidemux
[2011.12.25 10:19:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Avira
[2010.09.27 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Buhl Data Service GmbH
[2011.11.19 11:00:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Byotov
[2008.04.13 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Canon
[2010.11.26 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\cock
[2011.01.20 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Codecd3d
[2011.07.22 14:44:13 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.01.10 22:03:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Corel
[2008.02.25 23:30:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CoSoSys
[2009.01.13 14:23:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Crystal Player
[2008.12.13 02:15:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CyberLink
[2011.10.31 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DivX
[2012.10.07 20:42:25 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2011.04.14 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVD Flick
[2012.01.20 20:31:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\dvdcss
[2012.07.10 14:15:48 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2011.05.29 14:39:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.28 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FarmingSimulator2008
[2008.09.03 17:51:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\fotobuch.de AG
[2009.04.25 10:05:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Free Monitor for Google
[2011.04.01 23:23:30 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GetRightToGo
[2008.04.04 23:51:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Google
[2008.02.29 23:25:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Help
[2008.02.22 14:43:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Identities
[2009.01.05 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\InstallShield
[2011.01.26 00:02:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Itsth
[2010.11.21 18:58:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Juniper Networks
[2012.08.04 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\kock
[2011.11.20 20:06:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Leadertech
[2010.01.09 23:16:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LimeWire
[2011.02.27 16:59:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Logitech
[2008.02.29 23:19:23 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Macromedia
[2011.07.22 14:39:11 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MAGIX
[2011.01.17 20:44:40 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs
[2011.11.20 20:06:43 | 000,000,000 | --SD | M] -- C:\Users\Stefan\AppData\Roaming\Microsoft
[2011.01.26 00:32:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MyPhoneExplorer
[2011.09.04 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Nero
[2008.04.16 15:02:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NewSoft
[2010.03.15 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Pegasys Inc
[2008.03.01 01:35:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Real
[2008.04.13 20:12:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ScanSoft
[2008.12.31 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skinux
[2012.09.06 20:41:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skype
[2010.10.03 22:33:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SMSout
[2008.08.06 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sonavis
[2012.02.12 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SUPERAntiSpyware.com
[2010.07.31 20:47:15 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SuperMailer
[2008.07.12 18:18:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Template
[2008.09.17 21:13:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TVcentral-Core
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\UAs
[2011.11.18 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Upur
[2011.08.14 19:14:58 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\vlc
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2007.05.10 10:29:40 | 000,057,344 | ---- | M] (SBS) -- C:\Users\Stefan\AppData\Roaming\ASCON Installer\ASUNINST.EXE
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.05.08 01:28:58 | 000,314,184 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\64bitProxy.exe
[2011.11.15 03:22:50 | 000,334,920 | ---- | M] (Juniper Networks") -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe
[2011.11.15 03:22:50 | 000,253,000 | ---- | M] (Juniper Networks) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
[2011.11.15 03:22:52 | 000,171,080 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\InstallHelper.exe
[2011.11.15 03:23:06 | 000,057,880 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\uninstall.exe
[2011.10.16 19:56:34 | 000,149,368 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2011.10.16 19:56:58 | 000,282,544 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperCompMgrInstaller.exe
[2011.10.16 19:56:32 | 000,571,256 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2011.10.16 19:56:06 | 000,348,224 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2011.10.16 19:49:44 | 000,236,576 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2011.10.16 19:56:58 | 000,056,952 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2011.11.20 20:06:43 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.02.07 20:34:08 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2012.08.30 23:08:35 | 000,006,656 | R--- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe
[2008.02.08 12:10:10 | 000,004,608 | ---- | M] (Curio Laboratories) -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\SendTo\RemoveOnReboot.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.02.22 21:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.22 21:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.22 21:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.22 21:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.02.28 23:45:51 | 000,000,350 | ---- | C] () -- C:\Windows\Tasks\Packard Bell Data Secure for Stefan.job
[2012.03.24 10:15:22 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.03.24 10:15:23 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.03.31 17:40:46 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >
         

Alt 07.10.2012, 20:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk =  File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuse.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\Stefan\AppData\Roaming\Byotov
C:\Users\Stefan\AppData\Roaming\kock
C:\Users\Stefan\AppData\Roaming\xmdlm
C:\Users\Stefan\AppData\Roaming\UAs
C:\Users\Stefan\AppData\Roaming\upur
C:\Program Files\Searchqu Toolbar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 07.10.2012, 21:17   #13
StefHei
 

Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk moved successfully.
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuse.bat moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue not found.
Registry value HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Users\Stefan\AppData\Roaming\Byotov folder moved successfully.
C:\Users\Stefan\AppData\Roaming\kock folder moved successfully.
File\Folder C:\Users\Stefan\AppData\Roaming\xmdlm not found.
C:\Users\Stefan\AppData\Roaming\UAs folder moved successfully.
C:\Users\Stefan\AppData\Roaming\Upur folder moved successfully.
File\Folder C:\Program Files\Searchqu Toolbar not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Stefan\Desktop\cmd.bat deleted successfully.
C:\Users\Stefan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alexandra
->Temp folder emptied: 12398982 bytes
->Temporary Internet Files folder emptied: 181043078 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 912 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mika
->Temp folder emptied: 2212563 bytes
->Temporary Internet Files folder emptied: 89491 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Stefan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3391488 bytes
->Java cache emptied: 4759233 bytes
->Flash cache emptied: 523 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 486806 bytes
RecycleBin emptied: 601088 bytes
 
Total Files Cleaned = 196,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10072012_221101

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 07.10.2012, 21:18   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!


Alt 07.10.2012, 21:24   #15
StefHei
 

Code:
22:21:02.0303 3128  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:21:02.0366 3128  ============================================================
22:21:02.0366 3128  Current date / time: 2012/10/07 22:21:02.0366
22:21:02.0366 3128  SystemInfo:
22:21:02.0366 3128  
22:21:02.0366 3128  OS Version: 6.0.6002 ServicePack: 2.0
22:21:02.0366 3128  Product type: Workstation
22:21:02.0366 3128  ComputerName: STEFAN-PC
22:21:02.0366 3128  UserName: Stefan
22:21:02.0366 3128  Windows directory: C:\Windows
22:21:02.0366 3128  System windows directory: C:\Windows
22:21:02.0366 3128  Processor architecture: Intel x86
22:21:02.0366 3128  Number of processors: 2
22:21:02.0366 3128  Page size: 0x1000
22:21:02.0366 3128  Boot type: Normal boot
22:21:02.0366 3128  ============================================================
22:21:02.0740 3128  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:21:02.0771 3128  ============================================================
22:21:02.0771 3128  \Device\Harddisk0\DR0:
22:21:02.0771 3128  MBR partitions:
22:21:02.0787 3128  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x37B31C38, BlocksNum 0x2853009
22:21:02.0787 3128  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37B31BBA
22:21:02.0787 3128  ============================================================
22:21:02.0818 3128  C: <-> \Device\Harddisk0\DR0\Partition2
22:21:02.0834 3128  D: <-> \Device\Harddisk0\DR0\Partition1
22:21:02.0834 3128  ============================================================
22:21:02.0834 3128  Initialize success
22:21:02.0834 3128  ============================================================
22:22:46.0948 5844  ============================================================
22:22:46.0948 5844  Scan started
22:22:46.0948 5844  Mode: Manual; SigCheck; TDLFS; 
22:22:46.0948 5844  ============================================================
22:22:47.0291 5844  ================ Scan system memory ========================
22:22:47.0291 5844  System memory - ok
22:22:47.0291 5844  ================ Scan services =============================
22:22:47.0385 5844  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:22:47.0478 5844  !SASCORE - ok
22:22:47.0790 5844  [ 651C54AC4EC5C5397C5AFF5D575CA45B ] 3xHybrid        C:\Windows\system32\DRIVERS\3xHybrid.sys
22:22:47.0884 5844  3xHybrid - ok
22:22:47.0931 5844  [ 585E64BB6DFBC0A2F1F0B554DED012DF ] 61883           C:\Windows\system32\DRIVERS\61883.sys
22:22:48.0071 5844  61883 - ok
22:22:48.0180 5844  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
22:22:48.0212 5844  AAV UpdateService - ok
22:22:48.0258 5844  [ 4E5451DD0AEC8504D7F8030DD2D4C416 ] ACEDRV07        C:\Windows\system32\drivers\ACEDRV07.sys
22:22:48.0290 5844  ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
22:22:48.0290 5844  ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
22:22:48.0336 5844  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:22:48.0352 5844  ACPI - ok
22:22:48.0461 5844  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:22:48.0461 5844  AdobeARMservice - ok
22:22:48.0539 5844  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:22:48.0555 5844  AdobeFlashPlayerUpdateSvc - ok
22:22:48.0602 5844  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:22:48.0617 5844  adp94xx - ok
22:22:48.0664 5844  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:22:48.0680 5844  adpahci - ok
22:22:48.0695 5844  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:22:48.0711 5844  adpu160m - ok
22:22:48.0726 5844  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:22:48.0742 5844  adpu320 - ok
22:22:48.0789 5844  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:22:48.0929 5844  AeLookupSvc - ok
22:22:48.0992 5844  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
22:22:49.0070 5844  AFD - ok
22:22:49.0101 5844  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:22:49.0116 5844  agp440 - ok
22:22:49.0163 5844  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
22:22:49.0179 5844  aic78xx - ok
22:22:49.0226 5844  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
22:22:49.0288 5844  ALG - ok
22:22:49.0319 5844  [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:22:49.0335 5844  aliide - ok
22:22:49.0366 5844  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:22:49.0382 5844  amdagp - ok
22:22:49.0397 5844  [ 6F65F4147C54398D7280B18CEBBED215 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:22:49.0413 5844  amdide - ok
22:22:49.0444 5844  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
22:22:49.0584 5844  AmdK7 - ok
22:22:49.0616 5844  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:22:49.0678 5844  AmdK8 - ok
22:22:49.0803 5844  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:22:49.0818 5844  AntiVirSchedulerService - ok
22:22:49.0865 5844  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:22:49.0881 5844  AntiVirService - ok
22:22:49.0959 5844  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
22:22:50.0037 5844  Appinfo - ok
22:22:50.0099 5844  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
22:22:50.0099 5844  arc - ok
22:22:50.0162 5844  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:22:50.0162 5844  arcsas - ok
22:22:50.0208 5844  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:22:50.0255 5844  AsyncMac - ok
22:22:50.0286 5844  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:22:50.0302 5844  atapi - ok
22:22:50.0364 5844  [ E46D344412D1ABC60C58E95C73BCDC70 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
22:22:50.0380 5844  atksgt - ok
22:22:50.0427 5844  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:22:50.0458 5844  AudioEndpointBuilder - ok
22:22:50.0489 5844  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:22:50.0505 5844  Audiosrv - ok
22:22:50.0552 5844  [ F4B56425A00BEB32F5FA6603FF7B0EA2 ] Avc             C:\Windows\system32\DRIVERS\avc.sys
22:22:50.0598 5844  Avc - ok
22:22:50.0676 5844  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:22:50.0692 5844  avgntflt - ok
22:22:50.0739 5844  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:22:50.0754 5844  avipbb - ok
22:22:50.0786 5844  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:22:50.0801 5844  avkmgr - ok
22:22:50.0848 5844  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:22:50.0910 5844  Beep - ok
22:22:51.0004 5844  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
22:22:51.0051 5844  BFE - ok
22:22:51.0113 5844  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
22:22:51.0207 5844  BITS - ok
22:22:51.0269 5844  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:22:51.0332 5844  bowser - ok
22:22:51.0363 5844  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:22:51.0410 5844  BrFiltLo - ok
22:22:51.0441 5844  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:22:51.0488 5844  BrFiltUp - ok
22:22:51.0519 5844  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
22:22:51.0566 5844  Browser - ok
22:22:51.0612 5844  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
22:22:51.0659 5844  Brserid - ok
22:22:51.0690 5844  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:22:51.0768 5844  BrSerWdm - ok
22:22:51.0800 5844  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:22:51.0862 5844  BrUsbMdm - ok
22:22:51.0893 5844  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
22:22:51.0956 5844  BrUsbSer - ok
22:22:52.0018 5844  [ 4813DF77EDE536A52E3737971F910BAA ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
22:22:52.0080 5844  BTCFilterService - ok
22:22:52.0127 5844  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
22:22:52.0190 5844  BthEnum - ok
22:22:52.0221 5844  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:22:52.0283 5844  BTHMODEM - ok
22:22:52.0314 5844  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:22:52.0361 5844  BthPan - ok
22:22:52.0439 5844  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
22:22:52.0502 5844  BTHPORT - ok
22:22:52.0548 5844  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
22:22:52.0564 5844  BthServ - ok
22:22:52.0611 5844  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
22:22:52.0642 5844  BTHUSB - ok
22:22:52.0689 5844  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:22:52.0751 5844  cdfs - ok
22:22:52.0782 5844  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:22:52.0845 5844  cdrom - ok
22:22:52.0907 5844  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:22:52.0954 5844  CertPropSvc - ok
22:22:52.0985 5844  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:22:53.0048 5844  circlass - ok
22:22:53.0126 5844  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:22:53.0172 5844  CLFS - ok
22:22:53.0235 5844  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:22:53.0297 5844  clr_optimization_v2.0.50727_32 - ok
22:22:53.0360 5844  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:22:53.0391 5844  clr_optimization_v4.0.30319_32 - ok
22:22:53.0406 5844  [ 59172A0724F2AB769F31D61B0571D75B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:22:53.0422 5844  cmdide - ok
22:22:53.0438 5844  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:22:53.0453 5844  Compbatt - ok
22:22:53.0469 5844  COMSysApp - ok
22:22:53.0484 5844  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:22:53.0484 5844  crcdisk - ok
22:22:53.0500 5844  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:22:53.0562 5844  Crusoe - ok
22:22:53.0594 5844  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:22:53.0656 5844  CryptSvc - ok
22:22:53.0687 5844  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:22:53.0750 5844  DcomLaunch - ok
22:22:53.0781 5844  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:22:53.0843 5844  DfsC - ok
22:22:53.0921 5844  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:22:54.0124 5844  DFSR - ok
22:22:54.0218 5844  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:22:54.0264 5844  Dhcp - ok
22:22:54.0311 5844  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:22:54.0327 5844  disk - ok
22:22:54.0389 5844  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:22:54.0452 5844  Dnscache - ok
22:22:54.0483 5844  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:22:54.0498 5844  dot3svc - ok
22:22:54.0576 5844  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
22:22:54.0623 5844  DPS - ok
22:22:54.0670 5844  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:22:54.0701 5844  drmkaud - ok
22:22:54.0857 5844  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:22:54.0935 5844  DXGKrnl - ok
22:22:54.0998 5844  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
22:22:55.0060 5844  E1G60 - ok
22:22:55.0122 5844  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
22:22:55.0154 5844  EapHost - ok
22:22:55.0247 5844  [ 2EA8CCC4AF7D9223DD397D8CCB636F5D ] EASEUS Agent    C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
22:22:55.0310 5844  EASEUS Agent ( UnsignedFile.Multi.Generic ) - warning
22:22:55.0310 5844  EASEUS Agent - detected UnsignedFile.Multi.Generic (1)
22:22:55.0356 5844  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:22:55.0372 5844  Ecache - ok
22:22:55.0434 5844  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:22:55.0497 5844  ehRecvr - ok
22:22:55.0512 5844  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
22:22:55.0559 5844  ehSched - ok
22:22:55.0575 5844  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
22:22:55.0606 5844  ehstart - ok
22:22:55.0653 5844  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:22:55.0684 5844  elxstor - ok
22:22:55.0715 5844  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
22:22:55.0793 5844  EMDMgmt - ok
22:22:55.0856 5844  [ 0C7F516415333F854D2CE45C6F2D6420 ] EUBAKUP         C:\Windows\system32\drivers\eubakup.sys
22:22:55.0887 5844  EUBAKUP ( UnsignedFile.Multi.Generic ) - warning
22:22:55.0887 5844  EUBAKUP - detected UnsignedFile.Multi.Generic (1)
22:22:55.0949 5844  [ F986EE234B05769C7FBD8DEF8D20E32F ] EuDisk          C:\Windows\system32\DRIVERS\EuDisk.sys
22:22:55.0996 5844  EuDisk ( UnsignedFile.Multi.Generic ) - warning
22:22:55.0996 5844  EuDisk - detected UnsignedFile.Multi.Generic (1)
22:22:56.0012 5844  [ DB677F262DDB5DE277C8F655EBD114F5 ] EUDSKACS        C:\Windows\system32\drivers\eudskacs.sys
22:22:56.0043 5844  EUDSKACS ( UnsignedFile.Multi.Generic ) - warning
22:22:56.0043 5844  EUDSKACS - detected UnsignedFile.Multi.Generic (1)
22:22:56.0074 5844  [ 42F734E7EB6C05E97DF18C0EB16C350A ] EUFS            C:\Windows\system32\drivers\eufs.sys
22:22:56.0105 5844  EUFS ( UnsignedFile.Multi.Generic ) - warning
22:22:56.0105 5844  EUFS - detected UnsignedFile.Multi.Generic (1)
22:22:56.0152 5844  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
22:22:56.0199 5844  EventSystem - ok
22:22:56.0277 5844  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
22:22:56.0308 5844  exfat - ok
22:22:56.0370 5844  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:22:56.0417 5844  fastfat - ok
22:22:56.0448 5844  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:22:56.0511 5844  fdc - ok
22:22:56.0542 5844  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:22:56.0589 5844  fdPHost - ok
22:22:56.0604 5844  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:22:56.0667 5844  FDResPub - ok
22:22:56.0729 5844  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:22:56.0745 5844  FileInfo - ok
22:22:56.0776 5844  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:22:56.0823 5844  Filetrace - ok
22:22:56.0870 5844  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:22:56.0932 5844  flpydisk - ok
22:22:56.0994 5844  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:22:57.0026 5844  FltMgr - ok
22:22:57.0088 5844  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
22:22:57.0182 5844  FontCache - ok
22:22:57.0244 5844  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:22:57.0260 5844  FontCache3.0.0.0 - ok
22:22:57.0306 5844  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:22:57.0353 5844  Fs_Rec - ok
22:22:57.0400 5844  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:22:57.0400 5844  gagp30kx - ok
22:22:57.0462 5844  [ 4A381768FCAF9096EC96A29F9602A3ED ] GoogleDesktopManager C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
22:22:57.0509 5844  GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning
22:22:57.0509 5844  GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)
22:22:57.0556 5844  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:22:57.0634 5844  gpsvc - ok
22:22:57.0696 5844  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:22:57.0712 5844  gupdate - ok
22:22:57.0743 5844  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:22:57.0759 5844  gupdatem - ok
22:22:57.0806 5844  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:22:57.0821 5844  gusvc - ok
22:22:57.0852 5844  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:22:57.0899 5844  HdAudAddService - ok
22:22:57.0977 5844  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:22:57.0993 5844  HDAudBus - ok
22:22:58.0040 5844  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:22:58.0086 5844  HidBth - ok
22:22:58.0102 5844  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:22:58.0149 5844  HidIr - ok
22:22:58.0180 5844  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
22:22:58.0211 5844  hidserv - ok
22:22:58.0258 5844  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:22:58.0289 5844  HidUsb - ok
22:22:58.0320 5844  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:22:58.0352 5844  hkmsvc - ok
22:22:58.0383 5844  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
22:22:58.0398 5844  HpCISSs - ok
22:22:58.0445 5844  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:22:58.0508 5844  HTTP - ok
22:22:58.0523 5844  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
22:22:58.0539 5844  i2omp - ok
22:22:58.0617 5844  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:22:58.0664 5844  i8042prt - ok
22:22:58.0679 5844  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
22:22:58.0695 5844  iaStorV - ok
22:22:58.0742 5844  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:22:58.0835 5844  idsvc - ok
22:22:58.0851 5844  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:22:58.0866 5844  iirsp - ok
22:22:58.0898 5844  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:22:58.0944 5844  IKEEXT - ok
22:22:59.0022 5844  [ 56661BEAE591E59067710B6CBCA78184 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:22:59.0303 5844  IntcAzAudAddService - ok
22:22:59.0334 5844  [ E5EA1C17DA5065032E346591FF64F3AF ] intelide        C:\Windows\system32\drivers\intelide.sys
22:22:59.0350 5844  intelide - ok
22:22:59.0412 5844  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:22:59.0490 5844  intelppm - ok
22:22:59.0553 5844  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:22:59.0600 5844  IPBusEnum - ok
22:22:59.0631 5844  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:22:59.0678 5844  IpFilterDriver - ok
22:22:59.0724 5844  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:22:59.0771 5844  iphlpsvc - ok
22:22:59.0818 5844  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
22:22:59.0865 5844  IPMIDRV - ok
22:22:59.0896 5844  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
22:22:59.0943 5844  IPNAT - ok
22:23:00.0005 5844  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:23:00.0052 5844  IRENUM - ok
22:23:00.0083 5844  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:23:00.0099 5844  isapnp - ok
22:23:00.0146 5844  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:23:00.0161 5844  iScsiPrt - ok
22:23:00.0177 5844  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:23:00.0192 5844  iteatapi - ok
22:23:00.0224 5844  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
22:23:00.0239 5844  iteraid - ok
22:23:00.0270 5844  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:23:00.0286 5844  kbdclass - ok
22:23:00.0317 5844  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:23:00.0364 5844  kbdhid - ok
22:23:00.0380 5844  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
22:23:00.0426 5844  KeyIso - ok
22:23:00.0473 5844  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:23:00.0504 5844  KSecDD - ok
22:23:00.0567 5844  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:23:00.0629 5844  KtmRm - ok
22:23:00.0692 5844  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:23:00.0754 5844  LanmanServer - ok
22:23:00.0816 5844  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:23:00.0848 5844  LanmanWorkstation - ok
22:23:00.0863 5844  [ 8CCF9ED46D52AF1375875F74A91FFACF ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
22:23:00.0879 5844  lirsgt - ok
22:23:00.0926 5844  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:23:00.0972 5844  lltdio - ok
22:23:01.0035 5844  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:23:01.0066 5844  lltdsvc - ok
22:23:01.0082 5844  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:23:01.0144 5844  lmhosts - ok
22:23:01.0206 5844  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:23:01.0222 5844  LSI_FC - ok
22:23:01.0253 5844  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:23:01.0269 5844  LSI_SAS - ok
22:23:01.0300 5844  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:23:01.0316 5844  LSI_SCSI - ok
22:23:01.0347 5844  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
22:23:01.0394 5844  luafv - ok
22:23:01.0472 5844  [ 7521C0C58EE91BE90B6CC33E792D10C7 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
22:23:01.0487 5844  LVRS - ok
22:23:01.0659 5844  [ 37E57C48AF530DF01CDD4E8A2AD77B51 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
22:23:01.0877 5844  LVUVC - ok
22:23:01.0924 5844  [ D5BA9B816AFEF5292FE13C9A6267B6AB ] Macromedia Licensing Service C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
22:23:01.0955 5844  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:23:01.0955 5844  Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:23:01.0986 5844  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:23:02.0018 5844  Mcx2Svc - ok
22:23:02.0064 5844  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
22:23:02.0064 5844  megasas - ok
22:23:02.0158 5844  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
22:23:02.0189 5844  MMCSS - ok
22:23:02.0220 5844  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
22:23:02.0252 5844  Modem - ok
22:23:02.0330 5844  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:23:02.0376 5844  monitor - ok
22:23:02.0423 5844  [ F4EA1193A52C8FE4B8A135E210ABE546 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
22:23:02.0486 5844  motccgp - ok
22:23:02.0501 5844  [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
22:23:02.0564 5844  motccgpfl - ok
22:23:02.0595 5844  [ 69814ACD50A9D6D28296050EF6215D46 ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
22:23:02.0642 5844  motmodem - ok
22:23:02.0720 5844  [ 3BBC6C2402242401F791548AAEBF3D39 ] MotoHelper      C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
22:23:02.0735 5844  MotoHelper - ok
22:23:02.0766 5844  [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
22:23:02.0813 5844  MotoSwitchService - ok
22:23:02.0844 5844  [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
22:23:02.0860 5844  Motousbnet - ok
22:23:02.0907 5844  [ 2136CCA3D1BF7C0248E5366B1A6C24E3 ] motusbdevice    C:\Windows\system32\DRIVERS\motusbdevice.sys
22:23:02.0969 5844  motusbdevice - ok
22:23:02.0985 5844  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:23:03.0000 5844  mouclass - ok
22:23:03.0063 5844  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:23:03.0110 5844  mouhid - ok
22:23:03.0156 5844  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:23:03.0172 5844  MountMgr - ok
22:23:03.0219 5844  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:23:03.0234 5844  mpio - ok
22:23:03.0266 5844  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:23:03.0312 5844  mpsdrv - ok
22:23:03.0359 5844  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:23:03.0390 5844  MpsSvc - ok
22:23:03.0422 5844  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:23:03.0437 5844  Mraid35x - ok
22:23:03.0453 5844  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:23:03.0468 5844  MRxDAV - ok
22:23:03.0515 5844  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:23:03.0531 5844  mrxsmb - ok
22:23:03.0593 5844  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:23:03.0640 5844  mrxsmb10 - ok
22:23:03.0671 5844  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:23:03.0687 5844  mrxsmb20 - ok
22:23:03.0718 5844  [ 86068B8B54A5EB092F51657F00B2222A ] msahci          C:\Windows\system32\drivers\msahci.sys
22:23:03.0734 5844  msahci - ok
22:23:03.0765 5844  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:23:03.0796 5844  msdsm - ok
22:23:03.0827 5844  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
22:23:03.0874 5844  MSDTC - ok
22:23:03.0936 5844  [ 343291A4DFD7C923C3F71F550830EC1C ] MSDV            C:\Windows\system32\DRIVERS\msdv.sys
22:23:03.0983 5844  MSDV - ok
22:23:04.0014 5844  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:23:04.0046 5844  Msfs - ok
22:23:04.0108 5844  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:23:04.0124 5844  msisadrv - ok
22:23:04.0170 5844  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:23:04.0217 5844  MSiSCSI - ok
22:23:04.0233 5844  msiserver - ok
22:23:04.0264 5844  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:23:04.0311 5844  MSKSSRV - ok
22:23:04.0358 5844  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:23:04.0389 5844  MSPCLOCK - ok
22:23:04.0420 5844  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:23:04.0467 5844  MSPQM - ok
22:23:04.0498 5844  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:23:04.0514 5844  MsRPC - ok
22:23:04.0560 5844  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:23:04.0576 5844  mssmbios - ok
22:23:04.0607 5844  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:23:04.0654 5844  MSTEE - ok
22:23:04.0685 5844  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
22:23:04.0701 5844  Mup - ok
22:23:04.0748 5844  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
22:23:04.0794 5844  napagent - ok
22:23:04.0841 5844  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:23:04.0888 5844  NativeWifiP - ok
22:23:04.0950 5844  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:23:04.0982 5844  NDIS - ok
22:23:05.0028 5844  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:23:05.0075 5844  NdisTapi - ok
22:23:05.0122 5844  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:23:05.0153 5844  Ndisuio - ok
22:23:05.0184 5844  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:23:05.0216 5844  NdisWan - ok
22:23:05.0262 5844  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:23:05.0294 5844  NDProxy - ok
22:23:05.0418 5844  [ C5052FB77AA42ED440F9F6B4E37145A9 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
22:23:05.0481 5844  Nero BackItUp Scheduler 3 - ok
22:23:05.0528 5844  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:23:05.0574 5844  NetBIOS - ok
22:23:05.0621 5844  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
22:23:05.0668 5844  netbt - ok
22:23:05.0715 5844  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
22:23:05.0730 5844  Netlogon - ok
22:23:05.0808 5844  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
22:23:05.0855 5844  Netman - ok
22:23:05.0918 5844  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
22:23:05.0980 5844  netprofm - ok
22:23:06.0042 5844  [ 9BA2F93E4F01EC58E722B36639E0CE5D ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
22:23:06.0120 5844  netr28u - ok
22:23:06.0183 5844  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:23:06.0198 5844  NetTcpPortSharing - ok
22:23:06.0230 5844  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:23:06.0245 5844  nfrd960 - ok
22:23:06.0292 5844  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:23:06.0339 5844  NlaSvc - ok
22:23:06.0417 5844  [ 74149BCF0307BB76D68C0F8912DF731C ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
22:23:06.0432 5844  NMIndexingService - ok
22:23:06.0479 5844  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:23:06.0495 5844  Npfs - ok
22:23:06.0542 5844  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
22:23:06.0588 5844  nsi - ok
22:23:06.0620 5844  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:23:06.0666 5844  nsiproxy - ok
22:23:06.0729 5844  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:23:06.0822 5844  Ntfs - ok
22:23:06.0854 5844  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
22:23:06.0900 5844  ntrigdigi - ok
22:23:06.0932 5844  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
22:23:06.0978 5844  Null - ok
22:23:07.0041 5844  [ B896FB556B4DC1E1D2943559EA79C5C5 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
22:23:07.0150 5844  NVENETFD - ok
22:23:07.0415 5844  [ C5823E05F760FF5B4C698752B1B8030D ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:23:07.0852 5844  nvlddmkm - ok
22:23:07.0883 5844  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:23:07.0899 5844  nvraid - ok
22:23:07.0961 5844  [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
22:23:08.0008 5844  nvsmu - ok
22:23:08.0024 5844  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:23:08.0039 5844  nvstor - ok
22:23:08.0102 5844  [ 4876E7C3184BDF50EDE043FEF616B867 ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
22:23:08.0117 5844  nvstor32 - ok
22:23:08.0133 5844  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:23:08.0148 5844  nv_agp - ok
22:23:08.0258 5844  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:23:08.0273 5844  odserv - ok
22:23:08.0320 5844  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:23:08.0351 5844  ohci1394 - ok
22:23:08.0414 5844  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:23:08.0429 5844  ose - ok
22:23:08.0476 5844  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:23:08.0538 5844  p2pimsvc - ok
22:23:08.0570 5844  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:23:08.0616 5844  p2psvc - ok
22:23:08.0648 5844  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
22:23:08.0710 5844  Parport - ok
22:23:08.0757 5844  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:23:08.0772 5844  partmgr - ok
22:23:08.0804 5844  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
22:23:08.0866 5844  Parvdm - ok
22:23:08.0897 5844  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:23:08.0928 5844  PcaSvc - ok
22:23:08.0960 5844  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
22:23:08.0975 5844  pci - ok
22:23:09.0006 5844  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
22:23:09.0022 5844  pciide - ok
22:23:09.0053 5844  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:23:09.0069 5844  pcmcia - ok
22:23:09.0116 5844  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:23:09.0287 5844  PEAUTH - ok
22:23:09.0365 5844  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
22:23:09.0506 5844  pla - ok
22:23:09.0552 5844  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:23:09.0599 5844  PlugPlay - ok
22:23:09.0677 5844  [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
22:23:09.0677 5844  PnkBstrA - ok
22:23:09.0724 5844  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
22:23:09.0771 5844  PNRPAutoReg - ok
22:23:09.0802 5844  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
22:23:09.0833 5844  PNRPsvc - ok
22:23:09.0880 5844  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:23:09.0989 5844  PolicyAgent - ok
22:23:10.0036 5844  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:23:10.0067 5844  PptpMiniport - ok
22:23:10.0114 5844  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
22:23:10.0161 5844  Processor - ok
22:23:10.0192 5844  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:23:10.0239 5844  ProfSvc - ok
22:23:10.0270 5844  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:23:10.0270 5844  ProtectedStorage - ok
22:23:10.0317 5844  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
22:23:10.0364 5844  PSched - ok
22:23:10.0442 5844  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
22:23:10.0442 5844  PxHelp20 - ok
22:23:10.0520 5844  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:23:10.0566 5844  ql2300 - ok
22:23:10.0598 5844  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:23:10.0598 5844  ql40xx - ok
22:23:10.0660 5844  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
22:23:10.0691 5844  QWAVE - ok
22:23:10.0738 5844  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:23:10.0738 5844  QWAVEdrv - ok
22:23:10.0832 5844  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
22:23:10.0847 5844  RapiMgr - ok
22:23:10.0863 5844  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:23:10.0910 5844  RasAcd - ok
22:23:10.0941 5844  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
22:23:10.0988 5844  RasAuto - ok
22:23:11.0019 5844  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:23:11.0081 5844  Rasl2tp - ok
22:23:11.0112 5844  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
22:23:11.0144 5844  RasMan - ok
22:23:11.0206 5844  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:23:11.0222 5844  RasPppoe - ok
22:23:11.0253 5844  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:23:11.0268 5844  RasSstp - ok
22:23:11.0284 5844  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:23:11.0331 5844  rdbss - ok
22:23:11.0362 5844  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:23:11.0409 5844  RDPCDD - ok
22:23:11.0456 5844  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
22:23:11.0518 5844  rdpdr - ok
22:23:11.0518 5844  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:23:11.0580 5844  RDPENCDD - ok
22:23:11.0627 5844  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:23:11.0690 5844  RDPWD - ok
22:23:11.0752 5844  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:23:11.0799 5844  RemoteAccess - ok
22:23:11.0830 5844  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:23:11.0877 5844  RemoteRegistry - ok
22:23:11.0924 5844  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:23:11.0955 5844  RFCOMM - ok
22:23:12.0048 5844  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
22:23:12.0064 5844  RichVideo - ok
22:23:12.0111 5844  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
22:23:12.0173 5844  RpcLocator - ok
22:23:12.0392 5844  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
22:23:12.0438 5844  RpcSs - ok
22:23:12.0485 5844  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:23:12.0532 5844  rspndr - ok
22:23:12.0548 5844  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
22:23:12.0563 5844  SamSs - ok
22:23:12.0626 5844  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:23:12.0641 5844  SASDIFSV - ok
22:23:12.0688 5844  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:23:12.0688 5844  SASKUTIL - ok
22:23:13.0265 5844  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:23:13.0718 5844  sbp2port - ok
22:23:13.0749 5844  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:23:13.0796 5844  SCardSvr - ok
22:23:13.0874 5844  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
22:23:13.0952 5844  Schedule - ok
22:23:13.0983 5844  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:23:13.0998 5844  SCPolicySvc - ok
22:23:14.0045 5844  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:23:14.0061 5844  SDRSVC - ok
22:23:14.0076 5844  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:23:14.0154 5844  secdrv - ok
22:23:14.0186 5844  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
22:23:14.0217 5844  seclogon - ok
22:23:14.0264 5844  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
22:23:14.0326 5844  SENS - ok
22:23:14.0357 5844  [ AC1F2A09B76B57356F906EEDA43CCC2A ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl.sys
22:23:14.0404 5844  Ser2pl - ok
22:23:14.0451 5844  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:23:14.0482 5844  Serenum - ok
22:23:14.0529 5844  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:23:14.0560 5844  Serial - ok
22:23:14.0591 5844  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:23:14.0622 5844  sermouse - ok
22:23:14.0654 5844  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:23:14.0685 5844  SessionEnv - ok
22:23:14.0716 5844  [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:23:14.0778 5844  sffdisk - ok
22:23:14.0810 5844  [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:23:14.0841 5844  sffp_mmc - ok
22:23:14.0872 5844  [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:23:14.0888 5844  sffp_sd - ok
22:23:14.0919 5844  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:23:14.0981 5844  sfloppy - ok
22:23:15.0012 5844  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:23:15.0075 5844  SharedAccess - ok
22:23:15.0122 5844  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:23:15.0184 5844  ShellHWDetection - ok
22:23:15.0246 5844  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:23:15.0262 5844  sisagp - ok
22:23:15.0293 5844  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
22:23:15.0293 5844  SiSRaid2 - ok
22:23:15.0309 5844  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:23:15.0324 5844  SiSRaid4 - ok
22:23:15.0371 5844  [ DEC09E19220FE690CF9611D83C0E13D7 ] SKYNET          C:\Windows\system32\DRIVERS\SkyNET.SYS
22:23:15.0387 5844  SKYNET - ok
22:23:15.0434 5844  [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
22:23:15.0449 5844  SkypeUpdate - ok
22:23:15.0543 5844  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
22:23:15.0761 5844  slsvc - ok
22:23:15.0824 5844  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
22:23:15.0855 5844  SLUINotify - ok
22:23:15.0886 5844  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:23:15.0933 5844  Smb - ok
22:23:15.0980 5844  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:23:15.0995 5844  SNMPTRAP - ok
22:23:16.0026 5844  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
22:23:16.0042 5844  spldr - ok
22:23:16.0089 5844  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
22:23:16.0120 5844  Spooler - ok
22:23:16.0167 5844  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:23:16.0229 5844  srv - ok
22:23:16.0307 5844  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:23:16.0323 5844  srv2 - ok
22:23:16.0354 5844  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:23:16.0385 5844  srvnet - ok
22:23:16.0432 5844  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:23:16.0463 5844  SSDPSRV - ok
22:23:16.0510 5844  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
22:23:16.0510 5844  ssmdrv - ok
22:23:16.0588 5844  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:23:16.0635 5844  SstpSvc - ok
22:23:16.0682 5844  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
22:23:16.0697 5844  stisvc - ok
22:23:16.0728 5844  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:23:16.0744 5844  swenum - ok
22:23:16.0775 5844  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
22:23:16.0791 5844  swprv - ok
22:23:16.0822 5844  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
22:23:16.0838 5844  Symc8xx - ok
22:23:16.0853 5844  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
22:23:16.0869 5844  Sym_hi - ok
22:23:16.0884 5844  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
22:23:16.0900 5844  Sym_u3 - ok
22:23:16.0931 5844  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
22:23:16.0962 5844  SysMain - ok
22:23:16.0994 5844  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:23:17.0040 5844  TabletInputService - ok
22:23:17.0087 5844  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:23:17.0103 5844  TapiSrv - ok
22:23:17.0150 5844  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
22:23:17.0196 5844  TBS - ok
22:23:17.0274 5844  [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:23:17.0368 5844  Tcpip - ok
22:23:17.0399 5844  [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
22:23:17.0430 5844  Tcpip6 - ok
22:23:17.0462 5844  [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:23:17.0524 5844  tcpipreg - ok
22:23:17.0571 5844  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:23:17.0586 5844  TDPIPE - ok
22:23:17.0633 5844  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:23:17.0680 5844  TDTCP - ok
22:23:17.0711 5844  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:23:17.0742 5844  tdx - ok
22:23:17.0789 5844  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:23:17.0789 5844  TermDD - ok
22:23:17.0820 5844  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
22:23:17.0898 5844  TermService - ok
22:23:17.0930 5844  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
22:23:17.0945 5844  Themes - ok
22:23:17.0961 5844  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
22:23:17.0992 5844  THREADORDER - ok
22:23:18.0039 5844  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
22:23:18.0070 5844  TrkWks - ok
22:23:18.0101 5844  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:23:18.0117 5844  TrustedInstaller - ok
22:23:18.0164 5844  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:23:18.0210 5844  tssecsrv - ok
22:23:18.0304 5844  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
22:23:18.0320 5844  tunmp - ok
22:23:18.0366 5844  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:23:18.0398 5844  tunnel - ok
22:23:18.0429 5844  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:23:18.0444 5844  uagp35 - ok
22:23:18.0491 5844  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:23:18.0554 5844  udfs - ok
22:23:18.0585 5844  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:23:18.0616 5844  UI0Detect - ok
22:23:18.0647 5844  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:23:18.0647 5844  uliagpkx - ok
22:23:18.0694 5844  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
22:23:18.0710 5844  uliahci - ok
22:23:18.0725 5844  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
22:23:18.0741 5844  UlSata - ok
22:23:18.0772 5844  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
22:23:18.0788 5844  ulsata2 - ok
22:23:18.0850 5844  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:23:18.0866 5844  umbus - ok
22:23:18.0928 5844  [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass          C:\Windows\system32\DRIVERS\umpass.sys
22:23:18.0944 5844  UMPass - ok
22:23:19.0037 5844  [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv        C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
22:23:19.0100 5844  UMVPFSrv - ok
22:23:19.0131 5844  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
22:23:19.0162 5844  upnphost - ok
22:23:19.0224 5844  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:23:19.0287 5844  usbaudio - ok
22:23:19.0302 5844  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:23:19.0334 5844  usbccgp - ok
22:23:19.0412 5844  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:23:19.0458 5844  usbcir - ok
22:23:19.0490 5844  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:23:19.0552 5844  usbehci - ok
22:23:19.0583 5844  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:23:19.0630 5844  usbhub - ok
22:23:19.0677 5844  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:23:19.0692 5844  usbohci - ok
22:23:19.0739 5844  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:23:19.0770 5844  usbprint - ok
22:23:19.0833 5844  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:23:19.0848 5844  usbscan - ok
22:23:19.0880 5844  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:23:19.0911 5844  USBSTOR - ok
22:23:19.0926 5844  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:23:20.0004 5844  usbuhci - ok
22:23:20.0036 5844  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:23:20.0082 5844  usbvideo - ok
22:23:20.0129 5844  [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
22:23:20.0176 5844  usb_rndisx - ok
22:23:20.0207 5844  uxddrv - ok
22:23:20.0238 5844  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
22:23:20.0254 5844  UxSms - ok
22:23:20.0332 5844  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
22:23:20.0379 5844  vds - ok
22:23:20.0426 5844  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:23:20.0472 5844  vga - ok
22:23:20.0504 5844  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:23:20.0550 5844  VgaSave - ok
22:23:20.0582 5844  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:23:20.0597 5844  viaagp - ok
22:23:20.0597 5844  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
22:23:20.0644 5844  ViaC7 - ok
22:23:20.0675 5844  [ 7AA7EC9A08DC2C39649C413B1A26E298 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:23:20.0675 5844  viaide - ok
22:23:20.0722 5844  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:23:20.0738 5844  volmgr - ok
22:23:20.0784 5844  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:23:20.0816 5844  volmgrx - ok
22:23:20.0831 5844  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:23:20.0862 5844  volsnap - ok
22:23:20.0894 5844  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:23:20.0909 5844  vsmraid - ok
22:23:20.0956 5844  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
22:23:21.0081 5844  VSS - ok
22:23:21.0128 5844  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
22:23:21.0143 5844  W32Time - ok
22:23:21.0174 5844  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:23:21.0221 5844  WacomPen - ok
22:23:21.0252 5844  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:23:21.0346 5844  Wanarp - ok
22:23:21.0346 5844  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:23:21.0362 5844  Wanarpv6 - ok
22:23:21.0393 5844  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
22:23:21.0424 5844  WcesComm - ok
22:23:21.0455 5844  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:23:21.0486 5844  wcncsvc - ok
22:23:21.0518 5844  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:23:21.0549 5844  WcsPlugInService - ok
22:23:21.0596 5844  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
22:23:21.0611 5844  Wd - ok
22:23:21.0658 5844  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:23:21.0674 5844  Wdf01000 - ok
22:23:21.0720 5844  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:23:21.0752 5844  WdiServiceHost - ok
22:23:21.0752 5844  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:23:21.0767 5844  WdiSystemHost - ok
22:23:21.0798 5844  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
22:23:21.0814 5844  WebClient - ok
22:23:21.0876 5844  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:23:21.0954 5844  Wecsvc - ok
22:23:22.0001 5844  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:23:22.0017 5844  wercplsupport - ok
22:23:22.0048 5844  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:23:22.0095 5844  WerSvc - ok
22:23:22.0157 5844  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:23:22.0188 5844  WinDefend - ok
22:23:22.0188 5844  WinHttpAutoProxySvc - ok
22:23:22.0220 5844  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:23:22.0251 5844  Winmgmt - ok
22:23:22.0344 5844  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:23:22.0469 5844  WinRM - ok
22:23:22.0500 5844  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
22:23:22.0532 5844  winusb - ok
22:23:22.0594 5844  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:23:22.0641 5844  Wlansvc - ok
22:23:22.0672 5844  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:23:22.0703 5844  WmiAcpi - ok
22:23:22.0766 5844  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:23:22.0781 5844  wmiApSrv - ok
22:23:22.0859 5844  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:23:22.0984 5844  WMPNetworkSvc - ok
22:23:22.0984 5844  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:23:23.0015 5844  WPCSvc - ok
22:23:23.0093 5844  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:23:23.0124 5844  WPDBusEnum - ok
22:23:23.0187 5844  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
22:23:23.0218 5844  WpdUsb - ok
22:23:23.0312 5844  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:23:23.0358 5844  WPFFontCache_v0400 - ok
22:23:23.0405 5844  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:23:23.0452 5844  ws2ifsl - ok
22:23:23.0499 5844  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
22:23:23.0514 5844  wscsvc - ok
22:23:23.0514 5844  WSearch - ok
22:23:23.0624 5844  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:23:23.0748 5844  wuauserv - ok
22:23:23.0811 5844  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:23:23.0842 5844  WUDFRd - ok
22:23:23.0873 5844  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:23:23.0904 5844  wudfsvc - ok
22:23:23.0936 5844  [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid          C:\Windows\system32\Drivers\x10hid.sys
22:23:23.0936 5844  X10Hid - ok
22:23:23.0982 5844  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
22:23:23.0998 5844  x10nets ( UnsignedFile.Multi.Generic ) - warning
22:23:23.0998 5844  x10nets - detected UnsignedFile.Multi.Generic (1)
22:23:24.0060 5844  [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
22:23:24.0076 5844  XUIF - ok
22:23:24.0123 5844  ================ Scan global ===============================
22:23:24.0154 5844  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:23:24.0201 5844  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:23:24.0216 5844  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:23:24.0279 5844  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:23:24.0341 5844  [Global] - ok
22:23:24.0341 5844  ================ Scan MBR ==================================
22:23:24.0341 5844  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:23:25.0012 5844  \Device\Harddisk0\DR0 - ok
22:23:25.0012 5844  ================ Scan VBR ==================================
22:23:25.0028 5844  [ 86C4F7DEA41642C3CFD2D85928DA3D7C ] \Device\Harddisk0\DR0\Partition1
22:23:25.0028 5844  \Device\Harddisk0\DR0\Partition1 - ok
22:23:25.0043 5844  [ 953C0546D64A0D394CEE64F903D0C0F4 ] \Device\Harddisk0\DR0\Partition2
22:23:25.0043 5844  \Device\Harddisk0\DR0\Partition2 - ok
22:23:25.0043 5844  ============================================================
22:23:25.0043 5844  Scan finished
22:23:25.0043 5844  ============================================================
22:23:25.0043 4016  Detected object count: 9
22:23:25.0043 4016  Actual detected object count: 9
22:23:50.0939 4016  ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:23:50.0939 4016  EASEUS Agent ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  EASEUS Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:23:50.0939 4016  EUBAKUP ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  EUBAKUP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:23:50.0939 4016  EuDisk ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  EuDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:23:50.0939 4016  EUDSKACS ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  EUDSKACS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:23:50.0939 4016  EUFS ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  EUFS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:23:50.0939 4016  GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:23:50.0939 4016  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:23:50.0939 4016  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
