Log analysis and evaluation: Windows Security Center disables itself and URL redirect on Google searches

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

22.12.2012, 18:22   #1
Dirk3127
 
Windows Security Center disables itself and URL redirect on Google searches



Hello,

my girlfriend seems to have caught something on her laptop. So far I have noticed the following symptoms:

1. The Windows Security Center service apparently disables itself. When I try to start it manually, it disables itself again after about 30 seconds.

2. Clicking on Google search results redirects you to dubious sites instead of the actual search result.

Quite a few people seem to be having the same problem right now. I have already read various threads about it here. Since you advise that everyone needs individual help, I am now turning to you.

Before I came across the Trojaner-Board, I made the following attempts to get the problem under control:

1. Virus scan with AVIRA => no result
2. Virus scan with a current AVIRA Rescue CD (boot CD) => no result
3. Uninstalled Incredibar
4. Uninstalled Firefox and installed Chrome instead
5. Installed Spybot Search & Destroy, scanned and let it "autofix" => no result

Here are my log files
OTL.txt
Quote:
OTL logfile created on: 22.12.2012 17:15:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marie\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 75,02% Memory free
5,99 Gb Paging File | 5,06 Gb Available in Paging File | 84,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,10 Gb Total Space | 230,76 Gb Free Space | 79,82% Space Free | Partition Type: NTFS
Drive D: | 8,98 Gb Total Space | 1,66 Gb Free Space | 18,47% Space Free | Partition Type: NTFS

Computer Name: MARIES-NOTEBOOK | User Name: Marie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.22 16:34:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.21 19:00:02 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.08 03:02:10 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.06.08 03:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.03.01 00:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 21:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 21:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.09.15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.19 19:53:28 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll
MOD - [2012.11.19 19:52:57 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll
MOD - [2012.11.19 19:52:05 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll
MOD - [2012.11.17 15:57:52 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll
MOD - [2012.11.17 15:57:34 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll
MOD - [2012.11.17 15:57:20 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll
MOD - [2012.11.17 15:57:19 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll
MOD - [2012.11.17 15:54:28 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll
MOD - [2012.11.17 15:54:14 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll
MOD - [2012.11.17 15:54:11 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012.11.17 15:54:09 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012.11.17 15:54:04 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll
MOD - [2012.11.17 15:54:03 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012.11.17 15:53:56 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.07.01 10:16:11 | 000,115,137 | ---- | M] () -- C:\Users\Marie\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2012.06.08 03:02:10 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2012.12.12 16:31:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.01 00:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.03.01 00:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.17 13:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010.12.21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.12.21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.23 10:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009.10.26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.09 02:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.04.29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.10.03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0247E75-0AA2-455B-AF60-20BA7883F377}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8558ad0b-1619-11e1-beb2-001f1646b2f8}\Shell - "" = AutoRun
O33 - MountPoints2\{8558ad0b-1619-11e1-beb2-001f1646b2f8}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{8558ad0b-1619-11e1-beb2-001f1646b2f8}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{8558ad0b-1619-11e1-beb2-001f1646b2f8}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.22 17:14:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
[2012.12.22 14:26:40 | 000,000,000 | ---D | C] -- C:\Users\Marie\Documents\ProcAlyzer Dumps
[2012.12.22 14:24:25 | 000,000,000 | R--D | C] -- C:\Users\Marie\Dropbox
[2012.12.22 14:22:59 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.12.22 14:22:11 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Dropbox
[2012.12.17 08:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.17 08:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.17 08:23:18 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2012.12.17 08:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.12.17 08:22:48 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\Programs
[2012.12.17 08:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.17 08:15:00 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Avira
[2012.12.17 08:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.17 08:09:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.12.17 08:09:23 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.12.17 08:09:23 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.12.17 08:09:23 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.12.17 08:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.12.17 08:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.12.16 20:13:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.12.02 15:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.02 15:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.02 15:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.02 15:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Files - Modified Within 30 Days ==========

[2012.12.22 17:13:06 | 000,000,000 | ---- | M] () -- C:\Users\Marie\defogger_reenable
[2012.12.22 16:52:37 | 000,302,592 | ---- | M] () -- C:\Users\Marie\Desktop\gmer.exe
[2012.12.22 16:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.22 16:43:06 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 16:43:06 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.22 16:40:28 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.22 16:40:28 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.22 16:40:28 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.22 16:40:28 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.22 16:35:50 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.22 16:35:25 | 000,343,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.22 16:35:22 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Rmdhlbjksp.job
[2012.12.22 16:35:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.22 16:34:58 | 2413,711,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.22 16:34:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
[2012.12.22 16:33:53 | 000,050,477 | ---- | M] () -- C:\Users\Marie\Desktop\Defogger.exe
[2012.12.22 14:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.22 14:24:25 | 000,001,046 | ---- | M] () -- C:\Users\Marie\Desktop\Dropbox.lnk
[2012.12.22 14:23:17 | 000,001,056 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.17 08:23:25 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.17 08:22:00 | 000,002,223 | ---- | M] () -- C:\Users\Marie\Desktop\Google Chrome.lnk
[2012.12.17 08:09:34 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.06 17:14:50 | 000,114,688 | RHS- | M] () -- C:\Windows\System32\3DAudiou.dll
[2012.12.02 15:19:02 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2012.12.22 17:15:11 | 000,302,592 | ---- | C] () -- C:\Users\Marie\Desktop\gmer.exe
[2012.12.22 17:13:06 | 000,000,000 | ---- | C] () -- C:\Users\Marie\defogger_reenable
[2012.12.22 17:12:05 | 000,050,477 | ---- | C] () -- C:\Users\Marie\Desktop\Defogger.exe
[2012.12.22 14:24:25 | 000,001,046 | ---- | C] () -- C:\Users\Marie\Desktop\Dropbox.lnk
[2012.12.22 14:23:17 | 000,001,056 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.17 08:23:25 | 000,002,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.17 08:23:25 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.17 08:22:00 | 000,002,223 | ---- | C] () -- C:\Users\Marie\Desktop\Google Chrome.lnk
[2012.12.17 08:09:34 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.06 17:14:50 | 000,114,688 | RHS- | C] () -- C:\Windows\System32\3DAudiou.dll
[2012.12.06 17:14:50 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\Rmdhlbjksp.job
[2012.12.02 15:19:02 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.02.07 18:53:01 | 000,001,719 | ---- | C] () -- C:\Users\Marie\.recently-used.xbel
[2011.11.23 23:27:51 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.04.14 08:22:56 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\CoSoSys
[2011.11.23 22:45:35 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\DAEMON Tools Lite
[2012.12.22 16:36:06 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Dropbox
[2012.02.18 12:30:15 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\inkscape
[2012.03.24 14:03:46 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Origin
[2011.11.26 14:56:47 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Outlook
[2012.07.01 10:11:01 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Samsung
[2012.01.08 12:12:18 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\TeamViewer

========== Purity Check ==========



< End of report >
Extras.txt
Quote:
OTL Extras logfile created on: 22.12.2012 17:15:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marie\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 75,02% Memory free
5,99 Gb Paging File | 5,06 Gb Available in Paging File | 84,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,10 Gb Total Space | 230,76 Gb Free Space | 79,82% Space Free | Partition Type: NTFS
Drive D: | 8,98 Gb Total Space | 1,66 Gb Free Space | 18,47% Space Free | Partition Type: NTFS

Computer Name: MARIES-NOTEBOOK | User Name: Marie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Users\Marie\Downloads\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Users\Marie\Downloads\OnlineFotoservice\OnlineFotoservice.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AF332B-B1C0-4D46-B892-785127344D14}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{060CE7AC-2AE1-4154-8C8D-B33900E677F9}" = lport=138 | protocol=17 | dir=in | app=system |
"{074446EE-1BAE-43D7-8B35-EC4CC2E7A702}" = rport=137 | protocol=17 | dir=out | app=system |
"{0B465B00-918B-4DBC-8F3F-A771D642E466}" = rport=139 | protocol=6 | dir=out | app=system |
"{130EA202-C335-4302-BB37-0F50296AA693}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1E931591-69D2-4C65-9B61-EB803A3C7E16}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23EE414A-8327-4420-9A93-6C8705BB2374}" = lport=139 | protocol=6 | dir=in | app=system |
"{5C007B47-D978-424D-AF96-3A43DAF7A512}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5EC249B7-2360-46AF-AF3B-2665298BDBDC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{719CCC64-4E54-409D-92EE-DCD58144F124}" = lport=137 | protocol=17 | dir=in | app=system |
"{7D51C580-D950-4624-A020-0484C7EC8E29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8166044F-E360-4361-B012-7E439F0EB170}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{91064CF9-9C34-40BA-B063-FD7FC01173CD}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{94B666E9-ACC7-45DA-BB4C-E0C161330B61}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9BDCA94D-4A5B-4FF1-8D5C-2A475C928286}" = rport=445 | protocol=6 | dir=out | app=system |
"{A2F2EBD1-D117-480B-B62F-E36C7763BDBE}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{A62D616E-BAB1-455F-9886-B5423018DC08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFB55DAD-18FC-4C85-974E-518E5CDD208E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0DFE268-4955-4705-99B3-117D8CE55234}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF0AFADC-CB41-4DC4-AEA9-6C8CAD2D2DB3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF7FE4A1-FB73-4B95-9D3F-B1C8706922F4}" = lport=445 | protocol=6 | dir=in | app=system |
"{D255381C-C6F2-480F-B3D4-DE8FC99E2FF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDAB0122-F97A-4029-B2BA-1FD3B0E54629}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEB8E6F1-9AB5-4F9F-8F9F-AB25B4D007D5}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00502FB8-F9B0-44A9-8785-86672D11F854}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{050CC3B6-267A-4F88-9646-07FE5EAB55C2}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{053B5BB0-6C5A-4E22-8CDE-E1D7F9A4DCBF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27AF1DBE-5B4C-496E-8994-D53B17083DBA}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{3ABC06BE-82E2-48B8-B90F-197547922454}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3C56B307-6ADB-4632-90C9-F33C8131A3EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4061ED33-F983-455C-AE8C-3839300CEE78}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{45A523FF-312E-4371-B7E1-F5B09D74CDAA}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{486BFA81-C3EA-46D3-9BE0-A551537E22AC}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{4F7ED48B-5993-496A-A7A9-3EDD85B3F88A}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{54C0633F-B891-408A-BD41-F4D8CC2E4D36}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57692F3A-0F1D-42CB-8FAC-2EB4FF85506B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6953E142-F866-43FC-B98D-9ADE67F708FC}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{6A115D9B-31DE-4731-8679-9896EEAD1580}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74357F88-A706-488D-B774-4AA35E535174}" = protocol=17 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |
"{748F5824-6DC5-4764-B084-9D2F2AA0ECF0}" = protocol=6 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |
"{782566F1-B038-4F91-9C52-4A175A0C8858}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{795D3A03-D34F-4814-A483-08C1AF87B86C}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{854EB977-564D-489E-AE4A-46EC56B4C306}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8F6820CE-3DB1-4D88-99CC-DDAC1BA60C3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9E562933-ED5E-448A-A190-0C5B90E23E31}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0451A07-2D7D-497E-A489-FD9B7AA74DCA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE0C8B17-4C06-4B6B-B972-4D81D724CC97}" = protocol=6 | dir=out | app=system |
"{B6C1DE64-A08F-4A6A-9BD9-F2B1858C468B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B8236A7B-CB90-4CCC-99F8-1DE73A1CF126}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C5135189-8739-47E5-99E0-F9CCB66555F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C942E3B4-F489-43E1-813C-C8DB24C4234C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFA0F44E-289E-4115-9B9C-B93279B059AC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{DE39BDD4-EA76-4A5E-95EF-FA57739D72F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF678A70-2AE8-41CA-B38B-4E8D1B8B2B1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E339FAD4-1C2A-4692-A733-A3C5A516D509}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBC2DDEC-5433-4D33-9A40-96D5C27C4C3E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{FC11571F-F289-48EE-B8F1-3303B84F1850}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"TCP Query User{0367B012-FDE3-442F-8027-72C79F39C2EB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{8B5D16A8-804F-40C2-813C-C5FF001501EA}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnlineFotoservice" = OnlineFotoservice
"Origin" = Origin
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.12.2012 12:40:05 | Computer Name = Maries-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.12.2012 12:40:05 | Computer Name = Maries-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5272

Error - 10.12.2012 12:40:05 | Computer Name = Maries-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5272

Error - 10.12.2012 13:06:01 | Computer Name = Maries-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10.12.2012 13:06:01 | Computer Name = Maries-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1561694

Error - 10.12.2012 13:06:01 | Computer Name = Maries-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1561694

Error - 13.12.2012 10:56:55 | Computer Name = Maries-Notebook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 22.12.2012 09:17:54 | Computer Name = Maries-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859,
Zeitstempel: 0x4fd2d1d9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e8 ID des fehlerhaften
Prozesses: 0x6fc Startzeit der fehlerhaften Anwendung: 0x01cde04491463719 Pfad der
fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll
Berichtskennung:
fdf87e0e-4c39-11e2-a0ae-001f1646b2f8

Error - 22.12.2012 09:18:00 | Computer Name = Maries-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc015000f Fehleroffset: 0x00083fbe ID des fehlerhaften
Prozesses: 0x6fc Startzeit der fehlerhaften Anwendung: 0x01cde04491463719 Pfad der
fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
01911b99-4c3a-11e2-a0ae-001f1646b2f8

Error - 22.12.2012 11:37:53 | Computer Name = Maries-Notebook | Source = Application Hang | ID = 1002
Description = Programm msinfo32.exe, Version 6.1.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 980 Startzeit: 01cde05a16b8f2c3 Endzeit: 0 Anwendungspfad: C:\Windows\system32\msinfo32.exe

Berichts-ID:
89d648e4-4c4d-11e2-84c2-001f1646b2f8

[ Spybot - Search and Destroy Events ]
Error - 17.12.2012 03:54:21 | Computer Name = Maries-Notebook | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 22.12.2012 09:58:30 | Computer Name = Maries-Notebook | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 09.04.2012 11:02:27 | Computer Name = Maries-Notebook | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 09.04.2012 11:02:27 | Computer Name = Maries-Notebook | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 09.04.2012 11:25:20 | Computer Name = Maries-Notebook | Source = DCOM | ID = 10010
Description =

Error - 12.04.2012 04:48:42 | Computer Name = Maries-Notebook | Source = DCOM | ID = 10010
Description =

Error - 12.04.2012 07:51:29 | Computer Name = Maries-Notebook | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 22.04.2012 10:20:56 | Computer Name = Maries-Notebook | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
initialisieren.

Error - 27.04.2012 06:33:18 | Computer Name = Maries-Notebook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?04.?2012 um 09:58:16 unerwartet heruntergefahren.

Error - 01.05.2012 14:05:28 | Computer Name = Maries-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error - 01.05.2012 14:05:29 | Computer Name = Maries-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error - 01.05.2012 14:05:29 | Computer Name = Maries-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.


< End of report >
Gmer.txt
Quote:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-22 17:56:34
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011C
Running: gmer.exe; Driver: C:\Users\Marie\AppData\Local\Temp\fwpcrpoc.sys


---- System - GMER 1.0.15 ----

SSDT 902C8F2E ZwCreateSection
SSDT 902C8F38 ZwRequestWaitReplyPort
SSDT 902C8F33 ZwSetContextThread
SSDT 902C8F3D ZwSetSecurityObject
SSDT 902C8F42 ZwSystemDebugControl
SSDT 902C8ECF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C59A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C934D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9A62C 4 Bytes [2E, 8F, 2C, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C9A988 4 Bytes JMP AF58E20F
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C9A9CC 4 Bytes [33, 8F, 2C, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C9AA48 4 Bytes [3D, 8F, 2C, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C9AA9C 4 Bytes [42, 8F, 2C, 90]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3204] ntdll.dll!DbgUiRemoteBreakin 778AF17D 1 Byte [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
So, I hope I did everything correctly.

Many thanks in advance!

22.12.2012, 20:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Have you already run any scans with Malwarebytes or other tools? Is there a log with detections? See => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first just post any logs that already exist!

22.12.2012, 21:23   #3
Dirk3127
 

Hello cosinus,

well, Avira didn't find anything.

Here are the logs from Spybot (I'm using the code tags so that the post stays readable):

Checks.121217-0853.txt
Code:
Search results from Spybot - Search & Destroy

17.12.2012 08:53:03
Scan took 00:28:54.
83 items found.

IncrediBar: [SBI $430C5658] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\DisplayName

IncrediBar: [SBI $6FA574B7] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\URL

IncrediBar: [SBI $91B383C6] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\a.vimeocdn.com\com.conviva.livePass.sol
  Properties.size=224
  Properties.md5=9342F735E4AD7CCEBF9641CDF85114E9
  Properties.filedate=1341661920
  Properties.filedatetext=2012-07-07 12:51:59

Log: [SBI $8E73A7FB]  Install: setupact.log (File, nothing done)
  C:\Windows\setupact.log
  Properties.size=167615
  Properties.md5=3BA750E28F36913CF05EF694D8AA8535
  Properties.filedate=1355729645
  Properties.filedatetext=2012-12-17 08:34:05

Log: [SBI $8E73A7FB]  Install: DtcInstall.log (File, nothing done)
  C:\Windows\DtcInstall.log
  Properties.size=1774
  Properties.md5=0722A1C4A71696D35C0B2BFCC0BC0A46
  Properties.filedate=1322078144
  Properties.filedatetext=2011-11-23 20:55:44

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $F34FE1D0] Open with list - .CUE extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\OpenWithList

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)
  


--- Spybot - Search & Destroy version: 2.0.12.131  DLL (build: 20121113) ---

         
Checks.121222-1454.txt
Code:
Search results from Spybot - Search & Destroy

22.12.2012 14:54:06
Scan took 00:22:32.
23 items found.

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\a.affil.io\s\af.swf\afstorage.sol
  Properties.size=52
  Properties.md5=6B24E811E02383454CEDF151946E1EC8
  Properties.filedate=1355836535
  Properties.filedatetext=2012-12-18 14:15:35

FastClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): Marie) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): Marie) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): Marie) (Browser: Cookie, nothing done)
  

Log: [SBI $8E73A7FB]  Install: setupact.log (File, nothing done)
  C:\Windows\setupact.log
  Properties.size=1120
  Properties.md5=1624FAC8DD8EC5DB0A7F49DE35B09C12
  Properties.filedate=1356183300
  Properties.filedatetext=2012-12-22 14:34:59

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Microsoft Management Console\Recent File List

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Office 12.0: [SBI $31A61065] Internet history (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation

MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Excel\File MRU

MS Office 12.0 (PowerPoint): [SBI $242E8728] Recent Slideshow List (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU

MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Word\File MRU

Cookie: [SBI $49804B54] Browser: Cookie (21) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (79) (Browser: Cache, nothing done)
  

Verlauf: [SBI $49804B54] Browser: History (35) (Browser: History, nothing done)
  


--- Spybot - Search & Destroy version: 2.0.12.131  DLL (build: 20121113) ---

         
Firewall.log
Code:
SDFSSvc.exe [2012-12-17 08:23:29] 0.0.0.0  Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-17 15:18:48] 0.0.0.0  Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-17 15:44:55] 0.0.0.0  Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-17 19:03:57] 0.0.0.0  Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-17 21:18:41] 0.0.0.0  Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-19 16:39:06] 0.0.0.0  Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-20 14:48:57] 0.0.0.0  Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-22 14:02:20] 0.0.0.0  Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-22 16:35:26] 0.0.0.0  Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-22 18:01:05] 0.0.0.0  Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-22 21:04:23] 0.0.0.0  Successfully started listening on port 21322.
         
Immunization-Browsers.log
Code:
[ Mozilla Firefox & compatibles ]
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1001 is not on a different drive
. A: Found Shell Folder AppData registry information: C:\Users\Marie\AppData\Roaming\
. A: Found Shell Folder Local AppData registry information: C:\Users\Marie\AppData\Local\
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1004 is not on a different drive
. A: Found Shell Folder AppData registry information: \
. A: Found Shell Folder Local AppData registry information: \
. C: Found AppData environment information: \
. F: Guessed (PE incompatible): C:\Users\Marie\AppData\Roaming\
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. Final AppData found: C:\Users\Marie\AppData\Roaming\
. Final AppData found: C:\Users\Marie\AppData\Roaming\
i Browser detection took 00.016 seconds.

[ Mozilla Firefox Portable & compatibles ]
i Browser detection took 00.000 seconds.

[ Mozilla Firefox & compatibles ]
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1001 is not on a different drive
. A: Found Shell Folder AppData registry information: C:\Users\Marie\AppData\Roaming\
. A: Found Shell Folder Local AppData registry information: C:\Users\Marie\AppData\Local\
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1004 is not on a different drive
. A: Found Shell Folder AppData registry information: \
. A: Found Shell Folder Local AppData registry information: \
. C: Found AppData environment information: \
. F: Guessed (PE incompatible): C:\Users\Marie\AppData\Roaming\
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. Final AppData found: C:\Users\Marie\AppData\Roaming\
. Final AppData found: C:\Users\Marie\AppData\Roaming\
i Browser detection took 00.000 seconds.

[ Mozilla Firefox Portable & compatibles ]
i Browser detection took 00.000 seconds.

[ Mozilla Firefox & compatibles ]
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1001 is not on a different drive
. A: Found Shell Folder AppData registry information: C:\Users\Marie\AppData\Roaming\
. A: Found Shell Folder Local AppData registry information: C:\Users\Marie\AppData\Local\
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1004 is not on a different drive
. A: Found Shell Folder AppData registry information: \
. A: Found Shell Folder Local AppData registry information: \
. C: Found AppData environment information: \
. F: Guessed (PE incompatible): C:\Users\Marie\AppData\Roaming\
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. Final AppData found: C:\Users\Marie\AppData\Roaming\
. Final AppData found: C:\Users\Marie\AppData\Roaming\
i Browser detection took 00.015 seconds.

[ Mozilla Firefox Portable & compatibles ]
i Browser detection took 00.000 seconds.

[ Mozilla Firefox & compatibles ]
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1001 is not on a different drive
. A: Found Shell Folder AppData registry information: C:\Users\Marie\AppData\Roaming\
. A: Found Shell Folder Local AppData registry information: C:\Users\Marie\AppData\Local\
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1004 is not on a different drive
. A: Found Shell Folder AppData registry information: \
. A: Found Shell Folder Local AppData registry information: \
. C: Found AppData environment information: \
. F: Guessed (PE incompatible): C:\Users\Marie\AppData\Roaming\
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. Final AppData found: C:\Users\Marie\AppData\Roaming\
. Final AppData found: C:\Users\Marie\AppData\Roaming\
i Browser detection took 00.000 seconds.

[ Mozilla Firefox Portable & compatibles ]
i Browser detection took 00.000 seconds.

[ Opera ]
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1001 is not on a different drive
. A: Found Shell Folder AppData registry information: C:\Users\Marie\AppData\Roaming\
. A: Found Shell Folder Local AppData registry information: C:\Users\Marie\AppData\Local\
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1004 is not on a different drive
. A: Found Shell Folder AppData registry information: \
. A: Found Shell Folder Local AppData registry information: \
. C: Found AppData environment information: \
. F: Guessed (PE incompatible): C:\Users\Marie\AppData\Roaming\
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. Probing possible profile in C:\Program Files\Opera\Opera\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera7\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera75\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera80\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera90\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera95\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera96\profile\...
i Browser detection took 00.000 seconds.

[ Opera Portable & compatibles ]
i Browser detection took 00.000 seconds.

[ Opera ]
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1001 is not on a different drive
. A: Found Shell Folder AppData registry information: C:\Users\Marie\AppData\Roaming\
. A: Found Shell Folder Local AppData registry information: C:\Users\Marie\AppData\Local\
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1004 is not on a different drive
. A: Found Shell Folder AppData registry information: \
. A: Found Shell Folder Local AppData registry information: \
. C: Found AppData environment information: \
. F: Guessed (PE incompatible): C:\Users\Marie\AppData\Roaming\
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. Probing possible profile in C:\Program Files\Opera\Opera\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera7\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera75\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera80\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera90\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera95\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera96\profile\...
i Browser detection took 00.016 seconds.

[ Opera Portable & compatibles ]
i Browser detection took 00.000 seconds.

[ Opera ]
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1001 is not on a different drive
. A: Found Shell Folder AppData registry information: C:\Users\Marie\AppData\Roaming\
. A: Found Shell Folder Local AppData registry information: C:\Users\Marie\AppData\Local\
. G: No path updating needed.
. G: No path updating needed.
. a: User S-1-5-21-33246612-3796881123-789927732-1004 is not on a different drive
. A: Found Shell Folder AppData registry information: \
. A: Found Shell Folder Local AppData registry information: \
. C: Found AppData environment information: \
. F: Guessed (PE incompatible): C:\Users\Marie\AppData\Roaming\
. G: No path updating needed.
. G: No path updating needed.
. G: No path updating needed.
. Probing possible profile in C:\Program Files\Opera\Opera\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera7\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera75\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera80\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera90\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera95\profile\...
. Probing possible profile in C:\Program Files\Opera\Opera96\profile\...
i Browser detection took 00.000 seconds.

[ Opera Portable & compatibles ]
i Browser detection took 00.000 seconds.
         
RootAlyzer.121217-2201.txt
Code:
// info: Rootkit removal help file
// copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\Windows\System32\3DAudiou.dll"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"
         
RootAlyzer.121222-1431.txt
Code:
// info: Rootkit removal help file
// copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
         
RootkitQuickScan.log
Code:
RootAlyzer Quick Scan Results

Dateien im Windows-Verzeichnis
----------------------------------------
92 Dateien wurden überprüft.
Keine versteckten Dateien gefunden.
========================================

Dateien im Systemverzeichnis
----------------------------------------
2950 Dateien wurden überprüft.
Keine versteckten Dateien gefunden.
========================================

Systemweite Starteinträge
----------------------------------------

Keine versteckten Einträge gefunden.
========================================

Winlogon-Einträge
----------------------------------------

Keine versteckten Einträge gefunden.
========================================

Versteckte Prozesse (mittels Handles)
----------------------------------------
0 Handle-Prozess-IDs für 67 Prozesse.
Keine versteckten Prozesse entdeckt.
========================================

Versteckte Prozesse (mittels Threads)
----------------------------------------
67 Prozesse überprüft.
Keine versteckten Prozesse entdeckt.
========================================

Master Boot Records
----------------------------------------
2 MBRs überprüft.
Unbekannte MBRs: PhysicalDrive1
PhysicalDrive1
========================================
         
Scanner.log
Code:
SDFSSvc.exe [2012-12-17 08:23:29] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-17 08:24:09] Loaded databases.
SDFSSvc.exe [2012-12-17 15:18:48] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-17 15:19:22] Loaded databases.
SDFSSvc.exe [2012-12-17 15:44:55] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-17 15:45:29] Loaded databases.
SDFSSvc.exe [2012-12-17 19:03:57] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-17 19:04:32] Loaded databases.
SDFSSvc.exe [2012-12-17 21:18:41] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-17 21:19:12] Loaded databases.
SDFSSvc.exe [2012-12-19 16:39:06] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-19 16:39:38] Loaded databases.
SDFSSvc.exe [2012-12-20 14:48:57] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-20 14:49:30] Loaded databases.
SDFSSvc.exe [2012-12-22 14:02:20] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-22 14:02:52] Loaded databases.
SDFSSvc.exe [2012-12-22 16:35:26] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-22 16:36:11] Loaded databases.
SDFSSvc.exe [2012-12-22 18:01:05] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-22 18:01:39] Loaded databases.
SDFSSvc.exe [2012-12-22 21:04:23] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-22 21:04:56] Loaded databases.
         
SDCleaner.log
Code:
[i] 2012-12-17 08:54:20 : 
[i] 2012-12-17 08:54:20 Processing: 121217-082408.xml
[i] 2012-12-17 08:54:20 : 
[i] 2012-12-17 08:54:20 Product: IncrediBar
[i] 2012-12-17 08:54:20 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\  DisplayName
[i] 2012-12-17 08:54:20 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\  URL
[i] 2012-12-17 08:54:20 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\  DefaultScope
[i] 2012-12-17 08:54:20 : 
[i] 2012-12-17 08:54:20 Product: Microsoft.WindowsSecurityCenter_disabled
[i] 2012-12-17 08:54:20 Already cleaned: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\  Start
[i] 2012-12-17 08:54:20 : 
[i] 2012-12-17 08:54:20 Product: Macromedia.FlashPlayer.Cookies
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\a.vimeocdn.com\  com.conviva.livePass.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\cache.spreadshirt.net\  sprd_c7_629654.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\cdn.widgetserver.com\  wbx_cookie.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\d.yimg.com\  YEPBWPrefs.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\d.yimg.com\  YEPVitalitySharedObject.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\demandware.edgesuite.net\  com.jeroenwijering.players.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\g-ecx.images-amazon.com\  AlbumSampler.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\images-na.ssl-images-amazon.com\  mercury.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\images.buttinette.com\  s7_storage_tracker.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\l.yimg.com\  com.conviva.livePass.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\login.yahoo.com\  loginCache.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\mail.google.com\  wakeup.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\mpsnare.iesnare.com\  stm.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\pub.widgetbox.com\  wbx_cookie.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\redblue.scene7.com\  s7_storage_init.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\redblue.scene7.com\  s7_storage_tracker.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\s-static.ak.fbcdn.net\  www.simfy.de.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\s.ytimg.com\  soundData.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\s.ytimg.com\  videostats.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\secureinclude.ebaystatic.com\  ebayLSO.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\secureinclude.ebaystatic.com\  ebayT.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\ssl.hurra.com\  restore.hurra.com.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\static-dhd24.dhd.de\  com.jeroenwijering.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\static.sevenload.net\  analytics.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\video.holidaycheck.de\  com.jeroenwijering.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\web.de\  PF_LSOConnector.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.baur.de\  REGISTRY.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.baur.de\  sol.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.cashback4you.de\  pap20.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.jochen-schweizer.de\  lsoContent.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.jochen-schweizer.de\  lsoSearch.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.jochen-schweizer.de\  lsoTrack.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.lindt.com\  analytics.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.player.previewnetworks.com\  analytics.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.tripadvisor.de\  TA.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.vistaprint.de\  dataStorage.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\zcache.zgncdn.com\  farm.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\zcache.zgncdn.com\  hidden_chronicles.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\skype.com\#ui\  preferences.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\skype.com\#user\  segment.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\skype.com\#user\  session.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\skypeassets.com\#ui\  source.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.mercedes-amg.com\main.swf\  mercedes-amg.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.rtlregional.de\videoplayer.swf\  rtl.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.shirtalarm.de\procon.swf\  procon.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\a.affil.io\s\af.swf\  afstorage.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\flickr.com\slideShow\slideShow.swf\  slideShowMS.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\heias.com\x\heias_sc.swf\  heias.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\microsites.pearl.de\bk\elkat.swf\  elkat104526.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\rtl-now.rtl.de\includes\vodplayer.liveab.swf\  ConnectionInfo.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\rtl-now.rtl.de\includes\vodplayer.liveab.swf\  rtl.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\rtl-now.rtl.de\includes\vodplayer.liveab.swf\  userinfo6.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.rahmenversand.com\movies\flowplayer-3.2.7.swf\  org.flowplayer.sol
[i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www2l.incredimail.com\fc\fc.swf\  im.sol
[i] 2012-12-17 08:54:20 : 
[i] 2012-12-17 08:54:20 Product: Log
[+] 2012-12-17 08:54:20 Moving into quarantine: C:\Windows\  setupact.log
[+] 2012-12-17 08:54:20 Moving into quarantine: C:\Windows\  DtcInstall.log
[+] 2012-12-17 08:54:21 Successfully cleaned: C:\Windows\  setupact.log
[+] 2012-12-17 08:54:21 Successfully cleaned: C:\Windows\  DtcInstall.log
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: Internet Explorer
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: MS Management Console
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Microsoft Management Console\Recent File List  
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: MS Media Player
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\MediaPlayer\Player\Settings\  Client ID
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: MS Direct3D
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: MS DirectDraw
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\  Name
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: MS DirectInput
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\  Name
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\  Id
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: MS Paint
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List  
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: Windows.OpenWith
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList  
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList  
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\OpenWithList  
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: Windows Explorer
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU  
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU  
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: Windows Media SDK
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows Media\WMSDK\General\  ComputerName
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows Media\WMSDK\General\  UniqueID
[i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows Media\WMSDK\General\  VolumeSerialNumber
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: Cookie
[i] 2012-12-17 08:54:21 Already cleaned: Internet Explorer (Benutzer) (Marie)  Cookies
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Product: Cache
[i] 2012-12-17 08:54:21 Already cleaned: Internet Explorer (Benutzer) (Marie)  Cache
[i] 2012-12-17 08:54:21 : 
[i] 2012-12-17 08:54:21 Summary: 
[i] 2012-12-17 08:54:21 Errors while cleaning: 0
[i] 2012-12-17 08:54:21 Files moved into quarantine: 2
[i] 2012-12-17 08:54:21 Files successfully cleaned: 83
[+] 2012-12-17 08:54:21 : Gratulation, alles (aus Datei 121217-082408.xml) wurde gelöscht.
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Processing: 121222-143133.xml
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: Microsoft.WindowsSecurityCenter_disabled
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\  Start
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: Macromedia.FlashPlayer.Cookies
[i] 2012-12-22 14:58:29 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\a.affil.io\s\af.swf\  afstorage.sol
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: FastClick
[i] 2012-12-22 14:58:29 Already cleaned: Cookie (Internet Explorer (Benutzer): Marie)  Cookie:marie@fastclick.net/ ()
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: MediaPlex
[i] 2012-12-22 14:58:29 Already cleaned: Cookie (Internet Explorer (Benutzer): Marie)  Cookie:marie@mediaplex.com/ ()
[i] 2012-12-22 14:58:29 Already cleaned: Cookie (Internet Explorer (Benutzer): Marie)  Cookie:marie@apmebf.com/ ()
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: Log
[+] 2012-12-22 14:58:29 Moving into quarantine: C:\Windows\  setupact.log
[+] 2012-12-22 14:58:29 Successfully cleaned: C:\Windows\  setupact.log
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: Internet Explorer
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: MS Management Console
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Microsoft Management Console\Recent File List  
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: MS Direct3D
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: MS DirectDraw
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\  Name
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: MS DirectInput
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\  Name
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\  Id
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: MS Office 12.0
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Common\Internet\  UseRWHlinkNavigation
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: MS Office 12.0 (Excel)
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Excel\File MRU  
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: MS Office 12.0 (PowerPoint)
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU  
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: MS Office 12.0 (Word)
[i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Word\File MRU  
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: Cookie
[i] 2012-12-22 14:58:29 Already cleaned: Internet Explorer (Benutzer) (Marie)  Cookies
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: Cache
[i] 2012-12-22 14:58:29 Already cleaned: Internet Explorer (Benutzer) (Marie)  Cache
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Product: Verlauf
[i] 2012-12-22 14:58:29 Already cleaned: Internet Explorer (Benutzer) (Marie)  History
[i] 2012-12-22 14:58:29 : 
[i] 2012-12-22 14:58:29 Summary: 
[i] 2012-12-22 14:58:29 Errors while cleaning: 0
[i] 2012-12-22 14:58:29 Files moved into quarantine: 1
[i] 2012-12-22 14:58:29 Files successfully cleaned: 23
[+] 2012-12-22 14:58:29 : Gratulation, alles (aus Datei 121222-143133.xml) wurde gelöscht.
         
Updates.log
Code:
SDUpdSvc.exe [2012-12-17 08:23:32] [+] Background Updating Service got started...
SDUpdSvc.exe [2012-12-17 08:23:32] 0.0.0.0  Successfully started listening on port 21321.
SDUpdate.exe [2012-12-17 08:23:36] [+] Updating Service is active.
SDUpdate.exe [2012-12-17 08:23:36] [.] Trying to retrieve update info file from hxxp://updates1.safer-networking.org/spybotsd2.uid...
SDUpdate.exe [2012-12-17 08:23:36] [+] Retrieved update info file.
SDUpdate.exe [2012-12-17 08:23:38] [.] Info file part done.
SDUpdate.exe [2012-12-17 08:24:04] Includes\Adware.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 08:24:04] Includes\AdwareC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 08:24:05] Includes\Malware.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 08:24:05] Includes\MalwareC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 08:24:06] Includes\PUPSC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 08:24:06] Includes\Tracks.uti (version 20050217) needs to be updated.
SDUpdate.exe [2012-12-17 08:24:06] Includes\Trojans.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 08:24:06] Includes\TrojansC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 08:24:06] Includes\TrojansC-03.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 08:24:06] Includes\TrojansC-04.sbi (version 20121114) needs to be updated.
SDUpdSvc.exe [2012-12-17 15:18:50] [+] Background Updating Service got started...
SDUpdSvc.exe [2012-12-17 15:18:50] 0.0.0.0  Successfully started listening on port 21321.
SDUpdSvc.exe [2012-12-17 15:44:57] [+] Background Updating Service got started...
SDUpdSvc.exe [2012-12-17 15:44:57] 0.0.0.0  Successfully started listening on port 21321.
SDUpdSvc.exe [2012-12-17 19:03:59] [+] Background Updating Service got started...
SDUpdSvc.exe [2012-12-17 19:03:59] 0.0.0.0  Successfully started listening on port 21321.
SDUpdate.exe [2012-12-17 19:33:55] Includes\Adware.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 19:33:55] Includes\AdwareC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 19:33:56] Includes\Malware.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 19:33:56] Includes\MalwareC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 19:33:57] Includes\PUPSC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 19:33:57] Includes\Tracks.uti (version 20050217) needs to be updated.
SDUpdate.exe [2012-12-17 19:33:57] Includes\Trojans.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 19:33:57] Includes\TrojansC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 19:33:57] Includes\TrojansC-03.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 19:33:57] Includes\TrojansC-04.sbi (version 20121114) needs to be updated.
SDUpdSvc.exe [2012-12-17 21:18:56] [+] Background Updating Service got started...
SDUpdSvc.exe [2012-12-17 21:18:56] 0.0.0.0  Successfully started listening on port 21321.
SDUpdate.exe [2012-12-17 21:48:39] Includes\Adware.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 21:48:39] Includes\AdwareC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 21:48:42] Includes\Malware.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 21:48:42] Includes\MalwareC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 21:48:43] Includes\PUPSC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 21:48:44] Includes\Tracks.uti (version 20050217) needs to be updated.
SDUpdate.exe [2012-12-17 21:48:44] Includes\Trojans.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 21:48:44] Includes\TrojansC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 21:48:44] Includes\TrojansC-03.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-17 21:48:44] Includes\TrojansC-04.sbi (version 20121114) needs to be updated.
SDUpdSvc.exe [2012-12-19 16:39:09] [+] Background Updating Service got started...
SDUpdSvc.exe [2012-12-19 16:39:09] 0.0.0.0  Successfully started listening on port 21321.
SDUpdate.exe [2012-12-19 17:08:45] Includes\Adware.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-19 17:08:45] Includes\AdwareC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-19 17:08:46] Includes\Malware.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-19 17:08:46] Includes\MalwareC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-19 17:08:47] Includes\PUPSC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-19 17:08:48] Includes\Tracks.uti (version 20050217) needs to be updated.
SDUpdate.exe [2012-12-19 17:08:48] Includes\Trojans.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-19 17:08:48] Includes\TrojansC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-19 17:08:48] Includes\TrojansC-03.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-19 17:08:48] Includes\TrojansC-04.sbi (version 20121114) needs to be updated.
SDUpdSvc.exe [2012-12-20 14:48:58] [+] Background Updating Service got started...
SDUpdSvc.exe [2012-12-20 14:48:58] 0.0.0.0  Successfully started listening on port 21321.
SDUpdate.exe [2012-12-20 15:18:58] Includes\Adware.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-20 15:18:58] Includes\AdwareC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-20 15:18:59] Includes\Malware.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-20 15:18:59] Includes\MalwareC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-20 15:18:59] Includes\PUPSC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-20 15:19:00] Includes\Tracks.uti (version 20050217) needs to be updated.
SDUpdate.exe [2012-12-20 15:19:00] Includes\Trojans.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-20 15:19:00] Includes\TrojansC.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-20 15:19:00] Includes\TrojansC-03.sbi (version 20121114) needs to be updated.
SDUpdate.exe [2012-12-20 15:19:00] Includes\TrojansC-04.sbi (version 20121114) needs to be updated.
SDUpdSvc.exe [2012-12-22 14:02:21] [+] Background Updating Service got started...
SDUpdSvc.exe [2012-12-22 14:02:21] 0.0.0.0  Successfully started listening on port 21321.
SDUpdSvc.exe [2012-12-22 14:27:21] Trying to retrieving news...
SDUpdSvc.exe [2012-12-22 14:27:25] 10 news articles found.
SDUpdSvc.exe [2012-12-22 14:27:25] Started looking for updates...
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Updating Service is active.
SDUpdSvc.exe [2012-12-22 14:27:25] [.] Trying to retrieve update info file from hxxp://updates3.safer-networking.org/spybotsd2.uid...
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Retrieved update info file.
SDUpdSvc.exe [2012-12-22 14:27:25] [.] Info file part done.
SDUpdSvc.exe [2012-12-22 14:27:25] [.] Testing which updates apply to this version...
SDUpdSvc.exe [2012-12-22 14:27:25] [+] TrojansC-04.sbi (version 20121114) needs to be updated (to version 20121129).
SDUpdSvc.exe [2012-12-22 14:27:25] [+] TrojansC-03.sbi (version 20121114) needs to be updated (to version 20121218).
SDUpdSvc.exe [2012-12-22 14:27:25] [+] TrojansC.sbi (version 20121114) needs to be updated (to version 20121203).
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Trojans.sbi (version 20121114) needs to be updated (to version 20121211).
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Tracks.uti (version 20050217) needs to be updated (to version 20121119).
SDUpdSvc.exe [2012-12-22 14:27:25] [+] PUPSC.sbi (version 20121114) needs to be updated (to version 20121219).
SDUpdSvc.exe [2012-12-22 14:27:25] [+] MalwareC.sbi (version 20121114) needs to be updated (to version 20121218).
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Malware.sbi (version 20121114) needs to be updated (to version 20121121).
SDUpdSvc.exe [2012-12-22 14:27:25] [+] KeyloggersC.sbi (version 20121114) needs to be updated (to version 20121218).
SDUpdSvc.exe [2012-12-22 14:27:25] [+] GoodBankScripts.sbs (version 20061102) needs to be updated (to version 20121218).
SDUpdSvc.exe [2012-12-22 14:27:25] [+] AdwareC.sbi (version 20121114) needs to be updated (to version 20121218).
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Adware.sbi (version 20121114) needs to be updated (to version 20121218).
SDUpdSvc.exe [2012-12-22 14:27:25] [.] Downloading updates...
SDUpdSvc.exe [2012-12-22 14:27:25] [+] File "Adware.sbi" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Downloaded archive "Adware.sbi-20121218.cab" from hxxp://www.antispyware-downloadserver.com/updates/spybot2/.
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Extracted "Adware.sbi-20121218.cab"!
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Installed "Adware.sbi".
SDUpdSvc.exe [2012-12-22 14:27:25] [+] File "AdwareC.sbi" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Downloaded archive "AdwareC.sbi-20121218.cab" from hxxp://87.106.139.74/updates/spybot2/.
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Extracted "AdwareC.sbi-20121218.cab"!
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Installed "AdwareC.sbi".
SDUpdSvc.exe [2012-12-22 14:27:25] [+] File "GoodBankScripts.sbs" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Downloaded archive "GoodBankScripts.sbs-20121218.cab" from hxxp://spybot.gehirnbrand.de/updates/spybot2files/.
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Extracted "GoodBankScripts.sbs-20121218.cab"!
SDUpdSvc.exe [2012-12-22 14:27:25] [+] Installed "GoodBankScripts.sbs".
SDUpdSvc.exe [2012-12-22 14:27:25] [+] File "KeyloggersC.sbi" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:26] [+] Downloaded archive "KeyloggersC.sbi-20121218.cab" from hxxp://87.106.139.74/updates/spybot2/.
SDUpdSvc.exe [2012-12-22 14:27:26] [+] Extracted "KeyloggersC.sbi-20121218.cab"!
SDUpdSvc.exe [2012-12-22 14:27:26] [+] Installed "KeyloggersC.sbi".
SDUpdSvc.exe [2012-12-22 14:27:26] [+] File "Malware.sbi" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:27] [+] Downloaded archive "Malware.sbi-20121121.cab" from hxxp://updates4.safer-networking.org/spybot2/.
SDUpdSvc.exe [2012-12-22 14:27:27] [+] Extracted "Malware.sbi-20121121.cab"!
SDUpdSvc.exe [2012-12-22 14:27:27] [+] Installed "Malware.sbi".
SDUpdSvc.exe [2012-12-22 14:27:27] [+] File "MalwareC.sbi" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:27] [+] Downloaded archive "MalwareC.sbi-20121218.cab" from hxxp://www.spybotupdates.biz/updates/spybot2/.
SDUpdSvc.exe [2012-12-22 14:27:27] [+] Extracted "MalwareC.sbi-20121218.cab"!
SDUpdSvc.exe [2012-12-22 14:27:27] [+] Installed "MalwareC.sbi".
SDUpdSvc.exe [2012-12-22 14:27:27] [+] File "PUPSC.sbi" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:28] [+] Downloaded archive "PUPSC.sbi-20121219.cab" from hxxp://nervion.us.es/updates/spybot2files/.
SDUpdSvc.exe [2012-12-22 14:27:28] [+] Extracted "PUPSC.sbi-20121219.cab"!
SDUpdSvc.exe [2012-12-22 14:27:28] [+] Installed "PUPSC.sbi".
SDUpdSvc.exe [2012-12-22 14:27:28] [+] File "Tracks.uti" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:28] [+] Downloaded archive "Tracks.uti-20121119.cab" from hxxp://spybot.gehirnbrand.de/updates/spybot2files/.
SDUpdSvc.exe [2012-12-22 14:27:28] [+] Extracted "Tracks.uti-20121119.cab"!
SDUpdSvc.exe [2012-12-22 14:27:28] [+] Installed "Tracks.uti".
SDUpdSvc.exe [2012-12-22 14:27:28] [+] File "Trojans.sbi" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:32] [+] Downloaded archive "Trojans.sbi-20121211.cab" from hxxp://spybot.gehirnbrand.de/updates/spybot2files/.
SDUpdSvc.exe [2012-12-22 14:27:32] [+] Extracted "Trojans.sbi-20121211.cab"!
SDUpdSvc.exe [2012-12-22 14:27:32] [+] Installed "Trojans.sbi".
SDUpdSvc.exe [2012-12-22 14:27:32] [+] File "TrojansC.sbi" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:33] [+] Downloaded archive "TrojansC.sbi-20121203.cab" from hxxp://ns364576.ovh.net/spybot2/updates/spybot2/.
SDUpdSvc.exe [2012-12-22 14:27:33] [+] Extracted "TrojansC.sbi-20121203.cab"!
SDUpdSvc.exe [2012-12-22 14:27:33] [+] Installed "TrojansC.sbi".
SDUpdSvc.exe [2012-12-22 14:27:33] [+] File "TrojansC-03.sbi" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:34] [+] Downloaded archive "TrojansC-03.sbi-20121218.cab" from hxxp://spybot.securitywonks.org/updates/spybot2files/.
SDUpdSvc.exe [2012-12-22 14:27:34] [+] Extracted "TrojansC-03.sbi-20121218.cab"!
SDUpdSvc.exe [2012-12-22 14:27:34] [+] Installed "TrojansC-03.sbi".
SDUpdSvc.exe [2012-12-22 14:27:34] [+] File "TrojansC-04.sbi" needs to be downloaded.
SDUpdSvc.exe [2012-12-22 14:27:34] [+] Downloaded archive "TrojansC-04.sbi-20121129.cab" from hxxp://ns364576.ovh.net/spybot2/updates/spybot2/.
SDUpdSvc.exe [2012-12-22 14:27:34] [+] Extracted "TrojansC-04.sbi-20121129.cab"!
SDUpdSvc.exe [2012-12-22 14:27:34] [+] Installed "TrojansC-04.sbi".
SDUpdSvc.exe [2012-12-22 14:27:34] [+] All files have been processed.
SDUpdSvc.exe [2012-12-22 14:27:34] +++
SDUpdSvc.exe [2012-12-22 14:27:34] Processed 12 updates
SDUpdSvc.exe [2012-12-22 16:35:29] [+] Background Updating Service got started...
SDUpdSvc.exe [2012-12-22 16:35:29] 0.0.0.0  Successfully started listening on port 21321.
SDUpdSvc.exe [2012-12-22 18:01:06] [+] Background Updating Service got started...
SDUpdSvc.exe [2012-12-22 18:01:06] 0.0.0.0  Successfully started listening on port 21321.
SDUpdSvc.exe [2012-12-22 21:04:26] [+] Background Updating Service got started...
SDUpdSvc.exe [2012-12-22 21:04:26] 0.0.0.0  Successfully started listening on port 21321.
         
So, that was it. I don't have anything more on this. I hope it helps. Otherwise I'll wait for further instructions. ;-)

22.12.2012, 21:38   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You can uninstall Spybot with a clear conscience, since it is largely ineffective.

Don't you have any other logs? What about AntiVir or Malwarebytes (if installed) - were there never any detections there?

22.12.2012, 21:59   #5
Dirk3127

No, no further logs. I don't have Malwarebytes installed. Avira AntiVir didn't find anything, so there are no logs from it either. :-/


22.12.2012, 22:11   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, let's continue then.

Quote:
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why a Professional edition of Windows, please? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university computer?

22.12.2012, 22:22   #7
Dirk3127

Neither. It is a private laptop. I installed the Windows myself. The licence comes from my MSDNAA account. Since I'm a Mac user and the licence was free anyway, I used that one.

22.12.2012, 22:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, thanks for the explanation.

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you have been asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: start aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below - click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.

If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
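
Added example, not part of the original post and not code from TDSS-Killer: a Python parser for a report in the line format of the TDSSKiller log posted in this thread, which pairs each scanned object with its verdict line and lists everything that is not "ok" or has no verdict at all. The function names, the two sample entries marked as constructed, and the assumption that every object path starts with a drive letter are mine.

```python
import re

# "HH:MM:SS.mmmm <thread id>  <message>" as seen in the TDSSKiller log in this thread.
LINE = re.compile(r'^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$')
# "[ <MD5> ] <object name>  <path>"; the name may contain spaces
# ("Apple Mobile Device"). Assumption: the path starts with a drive letter.
ENTRY = re.compile(r'^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$')

# Lines copied from the log posted in this thread.
PAGE_LINES = r"""
23:25:06.0609 2788  ================ Scan system memory ========================
23:25:06.0609 2788  System memory - ok
23:25:06.0609 2788  ================ Scan services =============================
23:25:06.0765 2788  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:25:06.0890 2788  1394ohci - ok
23:25:08.0559 2788  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:25:08.0575 2788  Apple Mobile Device - ok
"""

# Constructed lines (not from the page): one object with a verdict other than
# "ok", and one object whose verdict line is missing, as in a truncated paste.
CONSTRUCTED_LINES = r"""
23:25:09.0000 2788  [ 00000000000000000000000000000000 ] ExampleSvc      C:\Windows\system32\drivers\example.sys
23:25:09.0010 2788  ExampleSvc - warning
23:25:09.0020 2788  [ 11111111111111111111111111111111 ] TruncatedSvc    C:\Windows\system32\drivers\truncated.sys
"""

SAMPLE_REPORT = PAGE_LINES + CONSTRUCTED_LINES


def parse_report(text):
    """Return one dict per scanned object: name, md5, path, verdict.

    verdict is None when no "<name> - <verdict>" line follows the object line.
    """
    objects = []
    pending = None  # object line seen, verdict line not yet seen
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines and anything that is not a log line
        msg = line.group(3).strip()
        entry = ENTRY.match(msg)
        if entry:
            if pending is not None:
                objects.append(pending)  # previous object never got a verdict
            pending = {
                "name": entry.group(2),
                "md5": entry.group(1).upper(),
                "path": entry.group(3),
                "verdict": None,
            }
            continue
        # A verdict line repeats the object name, then " - ", then the verdict.
        if pending is not None and msg.startswith(pending["name"]) and " - " in msg:
            pending["verdict"] = msg.rsplit(" - ", 1)[1].strip()
            objects.append(pending)
            pending = None
    if pending is not None:
        objects.append(pending)
    return objects


def needs_review(objects):
    """Objects a helper should look at: verdict missing or anything but 'ok'."""
    return [o for o in objects if o["verdict"] != "ok"]


if __name__ == "__main__":
    for obj in needs_review(parse_report(SAMPLE_REPORT)):
        print(f'{obj["name"]:<20} {obj["verdict"] or "NO VERDICT":<12} {obj["md5"]}  {obj["path"]}')
```

An object without a verdict line usually means the pasted log was cut off, so the full report should be requested before drawing conclusions.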


22.12.2012, 23:33   #9
Dirk3127

Hello,

I carried out everything according to your instructions. Everything worked without problems! Here are the logs:

aswMBR.txt
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-22 23:07:20
-----------------------------
23:07:20.100    OS Version: Windows 6.1.7601 Service Pack 1
23:07:20.100    Number of processors: 2 586 0xF0D
23:07:20.100    ComputerName: MARIES-NOTEBOOK  UserName: Marie
23:07:49.852    Initialize success
23:12:58.451    AVAST engine defs: 12122200
23:13:32.991    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:13:33.006    Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 11
23:13:33.022    Disk 0 MBR read successfully
23:13:33.022    Disk 0 MBR scan
23:13:33.038    Disk 0 Windows 7 default MBR code
23:13:33.038    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       296042 MB offset 63
23:13:33.069    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         9199 MB offset 606296064
23:13:33.084    Disk 0 scanning sectors +625135616
23:13:33.131    Disk 0 scanning C:\Windows\system32\drivers
23:13:44.316    Service scanning
23:14:14.924    Modules scanning
23:14:22.256    Disk 0 trace - called modules:
23:14:22.287    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
23:14:22.303    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861b3720]
23:14:22.318    3 CLASSPNP.SYS[8b1c759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x860e5908]
23:14:23.239    AVAST engine scan C:\Windows
23:14:25.048    AVAST engine scan C:\Windows\system32
23:17:27.771    AVAST engine scan C:\Windows\system32\drivers
23:17:41.390    AVAST engine scan C:\Users\Marie
23:21:25.503    AVAST engine scan C:\ProgramData
23:22:11.710    Scan finished successfully
23:23:09.961    Disk 0 MBR has been saved successfully to "C:\Users\Marie\Desktop\MBR.dat"
23:23:09.961    The log file has been saved successfully to "C:\Users\Marie\Desktop\aswMBR.txt"
         
TDSSKiller.2.8.15.0_22.12.2012_23.24.09_log.txt
Code:
23:24:09.0326 3252  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:24:09.0357 3252  ============================================================
23:24:09.0357 3252  Current date / time: 2012/12/22 23:24:09.0357
23:24:09.0357 3252  SystemInfo:
23:24:09.0357 3252  
23:24:09.0357 3252  OS Version: 6.1.7601 ServicePack: 1.0
23:24:09.0357 3252  Product type: Workstation
23:24:09.0357 3252  ComputerName: MARIES-NOTEBOOK
23:24:09.0357 3252  UserName: Marie
23:24:09.0357 3252  Windows directory: C:\Windows
23:24:09.0357 3252  System windows directory: C:\Windows
23:24:09.0357 3252  Processor architecture: Intel x86
23:24:09.0357 3252  Number of processors: 2
23:24:09.0357 3252  Page size: 0x1000
23:24:09.0357 3252  Boot type: Normal boot
23:24:09.0357 3252  ============================================================
23:24:10.0527 3252  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:24:10.0543 3252  ============================================================
23:24:10.0543 3252  \Device\Harddisk0\DR0:
23:24:10.0543 3252  MBR partitions:
23:24:10.0543 3252  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x242357C1
23:24:10.0543 3252  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x24235800, BlocksNum 0x11F7800
23:24:10.0543 3252  ============================================================
23:24:10.0558 3252  C: <-> \Device\Harddisk0\DR0\Partition1
23:24:10.0605 3252  D: <-> \Device\Harddisk0\DR0\Partition2
23:24:10.0605 3252  ============================================================
23:24:10.0605 3252  Initialize success
23:24:10.0605 3252  ============================================================
23:25:05.0502 2788  ============================================================
23:25:05.0502 2788  Scan started
23:25:05.0502 2788  Mode: Manual; SigCheck; TDLFS; 
23:25:05.0502 2788  ============================================================
23:25:06.0609 2788  ================ Scan system memory ========================
23:25:06.0609 2788  System memory - ok
23:25:06.0609 2788  ================ Scan services =============================
23:25:06.0765 2788  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:25:06.0890 2788  1394ohci - ok
23:25:06.0921 2788  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:25:06.0937 2788  ACPI - ok
23:25:06.0968 2788  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:25:06.0999 2788  AcpiPmi - ok
23:25:07.0077 2788  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:25:07.0108 2788  AdobeARMservice - ok
23:25:07.0202 2788  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:25:07.0233 2788  AdobeFlashPlayerUpdateSvc - ok
23:25:07.0280 2788  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:25:07.0327 2788  adp94xx - ok
23:25:07.0342 2788  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:25:07.0358 2788  adpahci - ok
23:25:07.0374 2788  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:25:07.0389 2788  adpu320 - ok
23:25:07.0420 2788  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:25:07.0452 2788  AeLookupSvc - ok
23:25:07.0483 2788  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
23:25:07.0530 2788  AFD - ok
23:25:07.0561 2788  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
23:25:07.0576 2788  agp440 - ok
23:25:07.0623 2788  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
23:25:07.0639 2788  aic78xx - ok
23:25:07.0686 2788  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
23:25:07.0717 2788  ALG - ok
23:25:07.0748 2788  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:25:07.0764 2788  aliide - ok
23:25:07.0779 2788  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:25:07.0795 2788  amdagp - ok
23:25:07.0810 2788  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:25:07.0826 2788  amdide - ok
23:25:07.0873 2788  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:25:07.0904 2788  AmdK8 - ok
23:25:07.0935 2788  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:25:07.0966 2788  AmdPPM - ok
23:25:07.0998 2788  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:25:08.0013 2788  amdsata - ok
23:25:08.0044 2788  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:25:08.0060 2788  amdsbs - ok
23:25:08.0076 2788  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:25:08.0091 2788  amdxata - ok
23:25:08.0154 2788  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:25:08.0169 2788  AntiVirSchedulerService - ok
23:25:08.0232 2788  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:25:08.0247 2788  AntiVirService - ok
23:25:08.0278 2788  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
23:25:08.0310 2788  AppID - ok
23:25:08.0341 2788  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:25:08.0403 2788  AppIDSvc - ok
23:25:08.0434 2788  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
23:25:08.0481 2788  Appinfo - ok
23:25:08.0559 2788  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:25:08.0575 2788  Apple Mobile Device - ok
23:25:08.0622 2788  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
23:25:08.0668 2788  AppMgmt - ok
23:25:08.0715 2788  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:25:08.0731 2788  arc - ok
23:25:08.0746 2788  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:25:08.0746 2788  arcsas - ok
23:25:08.0778 2788  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:25:08.0824 2788  AsyncMac - ok
23:25:08.0840 2788  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
23:25:08.0856 2788  atapi - ok
23:25:08.0934 2788  [ 614A60AEE03A6151FDCBAC295854A9CB ] athr            C:\Windows\system32\DRIVERS\athr.sys
23:25:08.0965 2788  athr - ok
23:25:09.0012 2788  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:25:09.0058 2788  AudioEndpointBuilder - ok
23:25:09.0058 2788  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:25:09.0090 2788  Audiosrv - ok
23:25:09.0152 2788  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:25:09.0183 2788  avgntflt - ok
23:25:09.0246 2788  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:25:09.0277 2788  avipbb - ok
23:25:09.0292 2788  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:25:09.0308 2788  avkmgr - ok
23:25:09.0339 2788  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:25:09.0370 2788  AxInstSV - ok
23:25:09.0417 2788  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
23:25:09.0464 2788  b06bdrv - ok
23:25:09.0480 2788  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:25:09.0511 2788  b57nd60x - ok
23:25:09.0558 2788  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:25:09.0589 2788  BDESVC - ok
23:25:09.0620 2788  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:25:09.0651 2788  Beep - ok
23:25:09.0698 2788  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
23:25:09.0745 2788  BFE - ok
23:25:09.0792 2788  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
23:25:09.0838 2788  BITS - ok
23:25:09.0854 2788  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:25:09.0870 2788  blbdrive - ok
23:25:09.0963 2788  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:25:09.0979 2788  Bonjour Service - ok
23:25:10.0010 2788  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:25:10.0026 2788  bowser - ok
23:25:10.0057 2788  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:25:10.0104 2788  BrFiltLo - ok
23:25:10.0104 2788  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:25:10.0182 2788  BrFiltUp - ok
23:25:10.0213 2788  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
23:25:10.0244 2788  Browser - ok
23:25:10.0275 2788  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:25:10.0338 2788  Brserid - ok
23:25:10.0384 2788  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:25:10.0416 2788  BrSerWdm - ok
23:25:10.0431 2788  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:25:10.0462 2788  BrUsbMdm - ok
23:25:10.0478 2788  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:25:10.0509 2788  BrUsbSer - ok
23:25:10.0540 2788  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:25:10.0556 2788  BTHMODEM - ok
23:25:10.0603 2788  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
23:25:10.0618 2788  bthserv - ok
23:25:10.0650 2788  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:25:10.0696 2788  cdfs - ok
23:25:10.0743 2788  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
23:25:10.0790 2788  cdrom - ok
23:25:10.0837 2788  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:25:10.0899 2788  CertPropSvc - ok
23:25:10.0946 2788  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:25:10.0962 2788  circlass - ok
23:25:10.0993 2788  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
23:25:11.0008 2788  CLFS - ok
23:25:11.0086 2788  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:25:11.0118 2788  clr_optimization_v2.0.50727_32 - ok
23:25:11.0180 2788  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:25:11.0180 2788  clr_optimization_v4.0.30319_32 - ok
23:25:11.0211 2788  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:25:11.0227 2788  CmBatt - ok
23:25:11.0242 2788  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:25:11.0258 2788  cmdide - ok
23:25:11.0289 2788  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
23:25:11.0320 2788  CNG - ok
23:25:11.0383 2788  [ DDA0CB141150FEF87419926790CD26C8 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
23:25:11.0476 2788  CnxtHdAudService - ok
23:25:11.0601 2788  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:25:11.0695 2788  Compbatt - ok
23:25:11.0773 2788  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:25:11.0804 2788  CompositeBus - ok
23:25:11.0820 2788  COMSysApp - ok
23:25:11.0851 2788  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:25:11.0866 2788  crcdisk - ok
23:25:11.0913 2788  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:25:11.0960 2788  CryptSvc - ok
23:25:11.0991 2788  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
23:25:12.0022 2788  CSC - ok
23:25:12.0054 2788  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
23:25:12.0085 2788  CscService - ok
23:25:12.0116 2788  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:25:12.0163 2788  DcomLaunch - ok
23:25:12.0194 2788  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:25:12.0241 2788  defragsvc - ok
23:25:12.0272 2788  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:25:12.0319 2788  DfsC - ok
23:25:12.0366 2788  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:25:12.0412 2788  Dhcp - ok
23:25:12.0444 2788  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
23:25:12.0475 2788  discache - ok
23:25:12.0506 2788  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:25:12.0522 2788  Disk - ok
23:25:12.0553 2788  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:25:12.0584 2788  Dnscache - ok
23:25:12.0615 2788  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:25:12.0678 2788  dot3svc - ok
23:25:12.0709 2788  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
23:25:12.0756 2788  DPS - ok
23:25:12.0802 2788  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:25:12.0849 2788  drmkaud - ok
23:25:12.0896 2788  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:25:12.0943 2788  DXGKrnl - ok
23:25:12.0990 2788  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
23:25:13.0036 2788  EapHost - ok
23:25:13.0161 2788  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
23:25:13.0239 2788  ebdrv - ok
23:25:13.0270 2788  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
23:25:13.0302 2788  EFS - ok
23:25:13.0364 2788  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:25:13.0395 2788  ehRecvr - ok
23:25:13.0426 2788  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
23:25:13.0442 2788  ehSched - ok
23:25:13.0489 2788  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:25:13.0504 2788  elxstor - ok
23:25:13.0520 2788  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:25:13.0551 2788  ErrDev - ok
23:25:13.0614 2788  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
23:25:13.0645 2788  EventSystem - ok
23:25:13.0660 2788  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
23:25:13.0707 2788  exfat - ok
23:25:13.0723 2788  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:25:13.0754 2788  fastfat - ok
23:25:13.0801 2788  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
23:25:13.0832 2788  Fax - ok
23:25:13.0879 2788  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:25:13.0910 2788  fdc - ok
23:25:13.0926 2788  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
23:25:13.0972 2788  fdPHost - ok
23:25:13.0988 2788  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
23:25:14.0035 2788  FDResPub - ok
23:25:14.0066 2788  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:25:14.0082 2788  FileInfo - ok
23:25:14.0097 2788  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:25:14.0128 2788  Filetrace - ok
23:25:14.0144 2788  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:25:14.0175 2788  flpydisk - ok
23:25:14.0206 2788  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:25:14.0222 2788  FltMgr - ok
23:25:14.0269 2788  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
23:25:14.0300 2788  FontCache - ok
23:25:14.0362 2788  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:25:14.0378 2788  FontCache3.0.0.0 - ok
23:25:14.0394 2788  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:25:14.0409 2788  FsDepends - ok
23:25:14.0440 2788  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:25:14.0440 2788  Fs_Rec - ok
23:25:14.0487 2788  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:25:14.0503 2788  fvevol - ok
23:25:14.0534 2788  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:25:14.0550 2788  gagp30kx - ok
23:25:14.0612 2788  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:25:14.0628 2788  GEARAspiWDM - ok
23:25:14.0643 2788  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:25:14.0706 2788  gpsvc - ok
23:25:14.0768 2788  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:25:14.0784 2788  gupdate - ok
23:25:14.0815 2788  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:25:14.0830 2788  gupdatem - ok
23:25:14.0862 2788  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:25:14.0893 2788  hcw85cir - ok
23:25:14.0940 2788  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:25:15.0002 2788  HdAudAddService - ok
23:25:15.0033 2788  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:25:15.0080 2788  HDAudBus - ok
23:25:15.0111 2788  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:25:15.0158 2788  HidBatt - ok
23:25:15.0189 2788  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:25:15.0220 2788  HidBth - ok
23:25:15.0252 2788  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:25:15.0267 2788  HidIr - ok
23:25:15.0298 2788  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
23:25:15.0345 2788  hidserv - ok
23:25:15.0408 2788  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
23:25:15.0423 2788  HidUsb - ok
23:25:15.0454 2788  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:25:15.0486 2788  hkmsvc - ok
23:25:15.0532 2788  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:25:15.0579 2788  HomeGroupListener - ok
23:25:15.0626 2788  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:25:15.0688 2788  HomeGroupProvider - ok
23:25:15.0720 2788  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:25:15.0751 2788  HpSAMD - ok
23:25:15.0844 2788  [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
23:25:15.0922 2788  HsfXAudioService - ok
23:25:15.0969 2788  [ 227C3BA25012752BB7450235392C719F ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:25:16.0016 2788  HSF_DPV - ok
23:25:16.0063 2788  [ 4DF5C76302DC2F8F3465966C8426A292 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23:25:16.0078 2788  HSXHWAZL - ok
23:25:16.0125 2788  [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
23:25:16.0156 2788  HTCAND32 - ok
23:25:16.0203 2788  [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
23:25:16.0250 2788  htcnprot - ok
23:25:16.0297 2788  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:25:16.0344 2788  HTTP - ok
23:25:16.0390 2788  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:25:16.0390 2788  hwpolicy - ok
23:25:16.0437 2788  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:25:16.0453 2788  i8042prt - ok
23:25:16.0484 2788  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:25:16.0515 2788  iaStorV - ok
23:25:16.0593 2788  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:25:16.0624 2788  idsvc - ok
23:25:16.0656 2788  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:25:16.0671 2788  iirsp - ok
23:25:16.0968 2788  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:25:17.0077 2788  IKEEXT - ok
23:25:17.0108 2788  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:25:17.0124 2788  intelide - ok
23:25:17.0155 2788  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:25:17.0170 2788  intelppm - ok
23:25:17.0202 2788  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:25:17.0248 2788  IPBusEnum - ok
23:25:17.0264 2788  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:25:17.0295 2788  IpFilterDriver - ok
23:25:17.0358 2788  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:25:17.0404 2788  iphlpsvc - ok
23:25:17.0436 2788  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:25:17.0467 2788  IPMIDRV - ok
23:25:17.0498 2788  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:25:17.0545 2788  IPNAT - ok
23:25:17.0607 2788  [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:25:17.0638 2788  iPod Service - ok
23:25:17.0670 2788  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:25:17.0685 2788  IRENUM - ok
23:25:17.0701 2788  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:25:17.0716 2788  isapnp - ok
23:25:17.0748 2788  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:25:17.0763 2788  iScsiPrt - ok
23:25:17.0810 2788  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
23:25:17.0810 2788  kbdclass - ok
23:25:17.0841 2788  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:25:17.0872 2788  kbdhid - ok
23:25:17.0888 2788  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
23:25:17.0904 2788  KeyIso - ok
23:25:17.0935 2788  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:25:17.0950 2788  KSecDD - ok
23:25:17.0982 2788  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:25:17.0997 2788  KSecPkg - ok
23:25:18.0028 2788  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:25:18.0075 2788  KtmRm - ok
23:25:18.0106 2788  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:25:18.0169 2788  LanmanServer - ok
23:25:18.0200 2788  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:25:18.0247 2788  LanmanWorkstation - ok
23:25:18.0278 2788  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:25:18.0356 2788  lltdio - ok
23:25:18.0387 2788  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:25:18.0418 2788  lltdsvc - ok
23:25:18.0434 2788  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:25:18.0465 2788  lmhosts - ok
23:25:18.0512 2788  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:25:18.0528 2788  LSI_FC - ok
23:25:18.0543 2788  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:25:18.0559 2788  LSI_SAS - ok
23:25:18.0590 2788  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:25:18.0590 2788  LSI_SAS2 - ok
23:25:18.0606 2788  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:25:18.0621 2788  LSI_SCSI - ok
23:25:18.0652 2788  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
23:25:18.0684 2788  luafv - ok
23:25:18.0715 2788  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:25:18.0730 2788  Mcx2Svc - ok
23:25:18.0824 2788  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
23:25:18.0855 2788  MDM ( UnsignedFile.Multi.Generic ) - warning
23:25:18.0855 2788  MDM - detected UnsignedFile.Multi.Generic (1)
23:25:18.0886 2788  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:25:18.0902 2788  mdmxsdk - ok
23:25:18.0949 2788  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:25:18.0980 2788  megasas - ok
23:25:19.0011 2788  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:25:19.0027 2788  MegaSR - ok
23:25:19.0058 2788  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
23:25:19.0089 2788  MMCSS - ok
23:25:19.0120 2788  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
23:25:19.0152 2788  Modem - ok
23:25:19.0198 2788  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:25:19.0245 2788  monitor - ok
23:25:19.0276 2788  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
23:25:19.0292 2788  mouclass - ok
23:25:19.0308 2788  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:25:19.0339 2788  mouhid - ok
23:25:19.0370 2788  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:25:19.0386 2788  mountmgr - ok
23:25:19.0432 2788  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:25:19.0464 2788  mpio - ok
23:25:19.0495 2788  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:25:19.0526 2788  mpsdrv - ok
23:25:19.0557 2788  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:25:19.0620 2788  MpsSvc - ok
23:25:19.0651 2788  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:25:19.0682 2788  MRxDAV - ok
23:25:19.0729 2788  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:25:19.0760 2788  mrxsmb - ok
23:25:19.0776 2788  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:25:19.0807 2788  mrxsmb10 - ok
23:25:19.0838 2788  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:25:19.0838 2788  mrxsmb20 - ok
23:25:19.0869 2788  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
23:25:19.0885 2788  msahci - ok
23:25:19.0916 2788  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:25:19.0932 2788  msdsm - ok
23:25:19.0947 2788  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
23:25:19.0978 2788  MSDTC - ok
23:25:20.0025 2788  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:25:20.0056 2788  Msfs - ok
23:25:20.0072 2788  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:25:20.0103 2788  mshidkmdf - ok
23:25:20.0134 2788  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:25:20.0150 2788  msisadrv - ok
23:25:20.0181 2788  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:25:20.0228 2788  MSiSCSI - ok
23:25:20.0228 2788  msiserver - ok
23:25:20.0275 2788  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:25:20.0322 2788  MSKSSRV - ok
23:25:20.0322 2788  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:25:20.0368 2788  MSPCLOCK - ok
23:25:20.0384 2788  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:25:20.0431 2788  MSPQM - ok
23:25:20.0446 2788  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:25:20.0462 2788  MsRPC - ok
23:25:20.0493 2788  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:25:20.0493 2788  mssmbios - ok
23:25:20.0524 2788  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:25:20.0556 2788  MSTEE - ok
23:25:20.0571 2788  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:25:20.0602 2788  MTConfig - ok
23:25:20.0618 2788  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:25:20.0634 2788  Mup - ok
23:25:20.0665 2788  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
23:25:20.0712 2788  napagent - ok
23:25:20.0774 2788  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:25:20.0790 2788  NativeWifiP - ok
23:25:20.0852 2788  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:25:20.0868 2788  NDIS - ok
23:25:20.0883 2788  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:25:20.0930 2788  NdisCap - ok
23:25:20.0977 2788  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:25:21.0024 2788  NdisTapi - ok
23:25:21.0055 2788  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:25:21.0086 2788  Ndisuio - ok
23:25:21.0117 2788  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:25:21.0148 2788  NdisWan - ok
23:25:21.0164 2788  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:25:21.0211 2788  NDProxy - ok
23:25:21.0242 2788  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:25:21.0273 2788  NetBIOS - ok
23:25:21.0304 2788  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:25:21.0336 2788  NetBT - ok
23:25:21.0351 2788  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
23:25:21.0367 2788  Netlogon - ok
23:25:21.0414 2788  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
23:25:21.0445 2788  Netman - ok
23:25:21.0476 2788  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
23:25:21.0507 2788  netprofm - ok
23:25:21.0538 2788  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:25:21.0554 2788  NetTcpPortSharing - ok
23:25:21.0585 2788  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:25:21.0601 2788  nfrd960 - ok
23:25:21.0632 2788  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:25:21.0663 2788  NlaSvc - ok
23:25:21.0679 2788  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:25:21.0694 2788  Npfs - ok
23:25:21.0726 2788  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
23:25:21.0757 2788  nsi - ok
23:25:21.0772 2788  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:25:21.0804 2788  nsiproxy - ok
23:25:21.0866 2788  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:25:21.0913 2788  Ntfs - ok
23:25:21.0944 2788  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
23:25:21.0991 2788  Null - ok
23:25:22.0162 2788  [ 3D7FB57354703809B5F0C23287FAC1D6 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
23:25:22.0225 2788  NVHDA - ok
23:25:22.0537 2788  [ E891B3979F0CF2740C1B073F834221FE ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:25:22.0942 2788  nvlddmkm - ok
23:25:22.0989 2788  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:25:23.0005 2788  nvraid - ok
23:25:23.0036 2788  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:25:23.0052 2788  nvstor - ok
23:25:23.0114 2788  [ AE2DE8E165DCB93A66B21748E6F913DF ] nvsvc           C:\Windows\system32\nvvsvc.exe
23:25:23.0130 2788  nvsvc - ok
23:25:23.0254 2788  [ C78581C14699C46FE0F0817416383134 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:25:23.0317 2788  nvUpdatusService - ok
23:25:23.0332 2788  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:25:23.0348 2788  nv_agp - ok
23:25:23.0426 2788  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:25:23.0473 2788  odserv - ok
23:25:23.0520 2788  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:25:23.0566 2788  ohci1394 - ok
23:25:23.0598 2788  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:25:23.0613 2788  ose - ok
23:25:23.0644 2788  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:25:23.0691 2788  p2pimsvc - ok
23:25:23.0722 2788  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:25:23.0754 2788  p2psvc - ok
23:25:23.0769 2788  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:25:23.0785 2788  Parport - ok
23:25:23.0816 2788  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:25:23.0832 2788  partmgr - ok
23:25:23.0863 2788  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
23:25:23.0894 2788  Parvdm - ok
23:25:23.0972 2788  [ 39B9DCD7040654C2E57D7396736C718E ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
23:25:24.0003 2788  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
23:25:24.0003 2788  PassThru Service - detected UnsignedFile.Multi.Generic (1)
23:25:24.0050 2788  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:25:24.0097 2788  PcaSvc - ok
23:25:24.0112 2788  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
23:25:24.0128 2788  pci - ok
23:25:24.0159 2788  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
23:25:24.0159 2788  pciide - ok
23:25:24.0206 2788  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:25:24.0222 2788  pcmcia - ok
23:25:24.0237 2788  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
23:25:24.0253 2788  pcw - ok
23:25:24.0284 2788  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:25:24.0331 2788  PEAUTH - ok
23:25:24.0393 2788  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
23:25:24.0409 2788  PeerDistSvc - ok
23:25:24.0502 2788  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
23:25:24.0565 2788  pla - ok
23:25:24.0596 2788  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:25:24.0643 2788  PlugPlay - ok
23:25:24.0674 2788  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:25:24.0721 2788  PNRPAutoReg - ok
23:25:24.0752 2788  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:25:24.0768 2788  PNRPsvc - ok
23:25:24.0799 2788  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:25:24.0846 2788  PolicyAgent - ok
23:25:24.0877 2788  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
23:25:24.0908 2788  Power - ok
23:25:24.0939 2788  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:25:24.0986 2788  PptpMiniport - ok
23:25:25.0002 2788  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:25:25.0017 2788  Processor - ok
23:25:25.0064 2788  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
23:25:25.0095 2788  ProfSvc - ok
23:25:25.0111 2788  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:25:25.0126 2788  ProtectedStorage - ok
23:25:25.0142 2788  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:25:25.0173 2788  Psched - ok
23:25:25.0220 2788  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:25:25.0267 2788  ql2300 - ok
23:25:25.0298 2788  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:25:25.0314 2788  ql40xx - ok
23:25:25.0360 2788  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
23:25:25.0392 2788  QWAVE - ok
23:25:25.0423 2788  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:25:25.0438 2788  QWAVEdrv - ok
23:25:25.0470 2788  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:25:25.0501 2788  RasAcd - ok
23:25:25.0548 2788  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:25:25.0594 2788  RasAgileVpn - ok
23:25:25.0626 2788  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
23:25:25.0657 2788  RasAuto - ok
23:25:25.0688 2788  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:25:25.0704 2788  Rasl2tp - ok
23:25:25.0750 2788  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
23:25:25.0782 2788  RasMan - ok
23:25:25.0813 2788  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:25:25.0844 2788  RasPppoe - ok
23:25:25.0860 2788  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:25:25.0906 2788  RasSstp - ok
23:25:25.0938 2788  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:25:25.0984 2788  rdbss - ok
23:25:26.0016 2788  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:25:26.0031 2788  rdpbus - ok
23:25:26.0062 2788  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:25:26.0125 2788  RDPCDD - ok
23:25:26.0172 2788  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
23:25:26.0187 2788  RDPDR - ok
23:25:26.0218 2788  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:25:26.0250 2788  RDPENCDD - ok
23:25:26.0281 2788  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:25:26.0296 2788  RDPREFMP - ok
23:25:26.0343 2788  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:25:26.0390 2788  RDPWD - ok
23:25:26.0437 2788  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:25:26.0452 2788  rdyboost - ok
23:25:26.0484 2788  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:25:26.0530 2788  RemoteAccess - ok
23:25:26.0577 2788  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:25:26.0640 2788  RemoteRegistry - ok
23:25:26.0655 2788  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:25:26.0718 2788  RpcEptMapper - ok
23:25:26.0733 2788  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
23:25:26.0780 2788  RpcLocator - ok
23:25:26.0796 2788  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
23:25:26.0827 2788  RpcSs - ok
23:25:26.0874 2788  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:25:26.0936 2788  rspndr - ok
23:25:26.0967 2788  [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
23:25:26.0998 2788  RTL8167 - ok
23:25:27.0030 2788  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
23:25:27.0061 2788  s3cap - ok
23:25:27.0076 2788  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
23:25:27.0092 2788  SamSs - ok
23:25:27.0108 2788  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:25:27.0123 2788  sbp2port - ok
23:25:27.0170 2788  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:25:27.0217 2788  SCardSvr - ok
23:25:27.0248 2788  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:25:27.0279 2788  scfilter - ok
23:25:27.0513 2788  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
23:25:27.0591 2788  Schedule - ok
23:25:27.0622 2788  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:25:27.0654 2788  SCPolicySvc - ok
23:25:27.0685 2788  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:25:27.0716 2788  SDRSVC - ok
23:25:27.0747 2788  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:25:27.0778 2788  secdrv - ok
23:25:27.0825 2788  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
23:25:27.0872 2788  seclogon - ok
23:25:27.0888 2788  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
23:25:27.0934 2788  SENS - ok
23:25:27.0966 2788  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:25:27.0997 2788  SensrSvc - ok
23:25:28.0028 2788  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:25:28.0059 2788  Serenum - ok
23:25:28.0090 2788  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:25:28.0122 2788  Serial - ok
23:25:28.0168 2788  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:25:28.0200 2788  sermouse - ok
23:25:28.0231 2788  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:25:28.0278 2788  SessionEnv - ok
23:25:28.0309 2788  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:25:28.0324 2788  sffdisk - ok
23:25:28.0340 2788  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:25:28.0356 2788  sffp_mmc - ok
23:25:28.0371 2788  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:25:28.0402 2788  sffp_sd - ok
23:25:28.0418 2788  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:25:28.0449 2788  sfloppy - ok
23:25:28.0496 2788  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:25:28.0527 2788  SharedAccess - ok
23:25:28.0558 2788  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:25:28.0590 2788  ShellHWDetection - ok
23:25:28.0636 2788  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:25:28.0636 2788  sisagp - ok
23:25:28.0683 2788  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:25:28.0699 2788  SiSRaid2 - ok
23:25:28.0714 2788  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:25:28.0730 2788  SiSRaid4 - ok
23:25:28.0777 2788  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
23:25:28.0792 2788  SkypeUpdate - ok
23:25:28.0824 2788  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:25:28.0855 2788  Smb - ok
23:25:28.0902 2788  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:25:28.0917 2788  SNMPTRAP - ok
23:25:28.0933 2788  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:25:28.0948 2788  spldr - ok
23:25:28.0995 2788  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
23:25:29.0026 2788  Spooler - ok
23:25:29.0151 2788  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:25:29.0229 2788  sppsvc - ok
23:25:29.0260 2788  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:25:29.0307 2788  sppuinotify - ok
23:25:29.0354 2788  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:25:29.0385 2788  srv - ok
23:25:29.0416 2788  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:25:29.0448 2788  srv2 - ok
23:25:29.0479 2788  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:25:29.0510 2788  SrvHsfHDA - ok
23:25:29.0557 2788  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
23:25:29.0588 2788  SrvHsfV92 - ok
23:25:29.0635 2788  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
23:25:29.0666 2788  SrvHsfWinac - ok
23:25:29.0682 2788  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:25:29.0697 2788  srvnet - ok
23:25:29.0744 2788  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
23:25:29.0775 2788  ssadbus - ok
23:25:29.0791 2788  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
23:25:29.0806 2788  ssadmdfl - ok
23:25:29.0838 2788  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
23:25:29.0853 2788  ssadmdm - ok
23:25:29.0900 2788  [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
23:25:29.0916 2788  sscdbus - ok
23:25:29.0947 2788  [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
23:25:29.0962 2788  sscdmdfl - ok
23:25:29.0978 2788  [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
23:25:29.0994 2788  sscdmdm - ok
23:25:30.0025 2788  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:25:30.0072 2788  SSDPSRV - ok
23:25:30.0118 2788  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
23:25:30.0134 2788  ssmdrv - ok
23:25:30.0150 2788  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:25:30.0212 2788  SstpSvc - ok
23:25:30.0259 2788  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:25:30.0274 2788  stexstor - ok
23:25:30.0306 2788  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
23:25:30.0337 2788  StiSvc - ok
23:25:30.0368 2788  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
23:25:30.0384 2788  storflt - ok
23:25:30.0415 2788  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
23:25:30.0430 2788  StorSvc - ok
23:25:30.0462 2788  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
23:25:30.0477 2788  storvsc - ok
23:25:30.0493 2788  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:25:30.0508 2788  swenum - ok
23:25:30.0540 2788  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
23:25:30.0571 2788  swprv - ok
23:25:30.0618 2788  [ F5D926807BD9BC0AF68F9376144DE425 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:25:30.0633 2788  SynTP - ok
23:25:30.0680 2788  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
23:25:30.0711 2788  SysMain - ok
23:25:30.0758 2788  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:25:30.0774 2788  TabletInputService - ok
23:25:30.0805 2788  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:25:30.0836 2788  TapiSrv - ok
23:25:30.0867 2788  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
23:25:30.0914 2788  TBS - ok
23:25:30.0976 2788  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:25:31.0008 2788  Tcpip - ok
23:25:31.0054 2788  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:25:31.0086 2788  TCPIP6 - ok
23:25:31.0101 2788  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:25:31.0148 2788  tcpipreg - ok
23:25:31.0179 2788  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:25:31.0195 2788  TDPIPE - ok
23:25:31.0210 2788  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:25:31.0242 2788  TDTCP - ok
23:25:31.0288 2788  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:25:31.0320 2788  tdx - ok
23:25:31.0351 2788  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:25:31.0366 2788  TermDD - ok
23:25:31.0398 2788  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
23:25:31.0429 2788  TermService - ok
23:25:31.0460 2788  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
23:25:31.0507 2788  Themes - ok
23:25:31.0538 2788  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:25:31.0569 2788  THREADORDER - ok
23:25:31.0585 2788  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
23:25:31.0632 2788  TrkWks - ok
23:25:31.0678 2788  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:25:31.0710 2788  TrustedInstaller - ok
23:25:31.0741 2788  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:25:31.0772 2788  tssecsrv - ok
23:25:31.0819 2788  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:25:31.0834 2788  TsUsbFlt - ok
23:25:31.0881 2788  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:25:31.0944 2788  tunnel - ok
23:25:31.0975 2788  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:25:31.0990 2788  uagp35 - ok
23:25:32.0006 2788  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:25:32.0053 2788  udfs - ok
23:25:32.0100 2788  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:25:32.0146 2788  UI0Detect - ok
23:25:32.0178 2788  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:25:32.0193 2788  uliagpkx - ok
23:25:32.0240 2788  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
23:25:32.0271 2788  umbus - ok
23:25:32.0287 2788  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:25:32.0334 2788  UmPass - ok
23:25:32.0365 2788  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:25:32.0412 2788  UmRdpService - ok
23:25:32.0443 2788  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
23:25:32.0505 2788  upnphost - ok
23:25:32.0552 2788  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
23:25:32.0568 2788  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
23:25:32.0568 2788  USBAAPL - detected UnsignedFile.Multi.Generic (1)
23:25:32.0599 2788  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:25:32.0630 2788  usbccgp - ok
23:25:32.0661 2788  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:25:32.0708 2788  usbcir - ok
23:25:32.0739 2788  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:25:32.0755 2788  usbehci - ok
23:25:32.0786 2788  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:25:32.0817 2788  usbhub - ok
23:25:32.0833 2788  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:25:32.0864 2788  usbohci - ok
23:25:32.0880 2788  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:25:32.0895 2788  usbprint - ok
23:25:32.0911 2788  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:25:32.0942 2788  USBSTOR - ok
23:25:32.0973 2788  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:25:32.0989 2788  usbuhci - ok
23:25:33.0020 2788  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:25:33.0036 2788  usbvideo - ok
23:25:33.0067 2788  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
23:25:33.0114 2788  UxSms - ok
23:25:33.0114 2788  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
23:25:33.0129 2788  VaultSvc - ok
23:25:33.0176 2788  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:25:33.0207 2788  vdrvroot - ok
23:25:33.0238 2788  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
23:25:33.0285 2788  vds - ok
23:25:33.0316 2788  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:25:33.0348 2788  vga - ok
23:25:33.0379 2788  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:25:33.0394 2788  VgaSave - ok
23:25:33.0441 2788  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:25:33.0457 2788  vhdmp - ok
23:25:33.0488 2788  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:25:33.0504 2788  viaagp - ok
23:25:33.0519 2788  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
23:25:33.0550 2788  ViaC7 - ok
23:25:33.0566 2788  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
23:25:33.0582 2788  viaide - ok
23:25:33.0613 2788  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:25:33.0628 2788  vmbus - ok
23:25:33.0644 2788  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
23:25:33.0660 2788  VMBusHID - ok
23:25:33.0675 2788  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:25:33.0691 2788  volmgr - ok
23:25:33.0722 2788  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:25:33.0738 2788  volmgrx - ok
23:25:33.0753 2788  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:25:33.0769 2788  volsnap - ok
23:25:33.0784 2788  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:25:33.0800 2788  vsmraid - ok
23:25:33.0862 2788  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
23:25:33.0925 2788  VSS - ok
23:25:33.0940 2788  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:25:33.0972 2788  vwifibus - ok
23:25:34.0003 2788  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:25:34.0034 2788  vwififlt - ok
23:25:34.0081 2788  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:25:34.0096 2788  vwifimp - ok
23:25:34.0128 2788  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
23:25:34.0190 2788  W32Time - ok
23:25:34.0206 2788  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:25:34.0237 2788  WacomPen - ok
23:25:34.0268 2788  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:25:34.0299 2788  WANARP - ok
23:25:34.0299 2788  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:25:34.0330 2788  Wanarpv6 - ok
23:25:34.0377 2788  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
23:25:34.0424 2788  wbengine - ok
23:25:34.0471 2788  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:25:34.0502 2788  WbioSrvc - ok
23:25:34.0533 2788  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:25:34.0564 2788  wcncsvc - ok
23:25:34.0580 2788  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:25:34.0596 2788  WcsPlugInService - ok
23:25:34.0627 2788  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:25:34.0642 2788  Wd - ok
23:25:34.0674 2788  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:25:34.0705 2788  Wdf01000 - ok
23:25:34.0720 2788  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:25:34.0752 2788  WdiServiceHost - ok
23:25:34.0767 2788  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:25:34.0783 2788  WdiSystemHost - ok
23:25:34.0814 2788  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
23:25:34.0876 2788  WebClient - ok
23:25:34.0908 2788  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:25:34.0939 2788  Wecsvc - ok
23:25:34.0954 2788  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:25:34.0986 2788  wercplsupport - ok
23:25:35.0017 2788  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:25:35.0064 2788  WerSvc - ok
23:25:35.0095 2788  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:25:35.0126 2788  WfpLwf - ok
23:25:35.0142 2788  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:25:35.0157 2788  WIMMount - ok
23:25:35.0188 2788  [ 8B976D4CA270110111DF4F313DA0E6E8 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:25:35.0220 2788  winachsf - ok
23:25:35.0282 2788  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:25:35.0329 2788  WinDefend - ok
23:25:35.0344 2788  WinHttpAutoProxySvc - ok
23:25:35.0391 2788  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:25:35.0438 2788  Winmgmt - ok
23:25:35.0500 2788  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
23:25:35.0547 2788  WinRM - ok
23:25:35.0610 2788  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:25:35.0672 2788  WinUsb - ok
23:25:35.0703 2788  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:25:35.0750 2788  Wlansvc - ok
23:25:35.0797 2788  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:25:35.0812 2788  WmiAcpi - ok
23:25:35.0844 2788  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:25:35.0875 2788  wmiApSrv - ok
23:25:35.0953 2788  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:25:36.0015 2788  WMPNetworkSvc - ok
23:25:36.0062 2788  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:25:36.0093 2788  WPCSvc - ok
23:25:36.0140 2788  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:25:36.0156 2788  WPDBusEnum - ok
23:25:36.0187 2788  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:25:36.0218 2788  ws2ifsl - ok
23:25:36.0249 2788  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:25:36.0280 2788  wscsvc - ok
23:25:36.0280 2788  WSearch - ok
23:25:36.0358 2788  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:25:36.0421 2788  wuauserv - ok
23:25:36.0452 2788  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:25:36.0468 2788  WudfPf - ok
23:25:36.0499 2788  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:25:36.0530 2788  WUDFRd - ok
23:25:36.0561 2788  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:25:36.0577 2788  wudfsvc - ok
23:25:36.0608 2788  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:25:36.0655 2788  WwanSvc - ok
23:25:36.0670 2788  [ 894F963BE999BA9DB5AAC3AED55B115D ] XAudio          C:\Windows\system32\DRIVERS\XAudio32.sys
23:25:36.0686 2788  XAudio - ok
23:25:36.0717 2788  ================ Scan global ===============================
23:25:36.0733 2788  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:25:36.0764 2788  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
23:25:36.0780 2788  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
23:25:36.0811 2788  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:25:36.0842 2788  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:25:36.0842 2788  [Global] - ok
23:25:36.0842 2788  ================ Scan MBR ==================================
23:25:36.0858 2788  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:25:37.0903 2788  \Device\Harddisk0\DR0 - ok
23:25:37.0903 2788  ================ Scan VBR ==================================
23:25:37.0918 2788  [ 9914542F9AF12EE87106AA99FF817A7D ] \Device\Harddisk0\DR0\Partition1
23:25:37.0918 2788  \Device\Harddisk0\DR0\Partition1 - ok
23:25:37.0934 2788  [ 672039BC4A98A06A32426EFC671141E5 ] \Device\Harddisk0\DR0\Partition2
23:25:37.0934 2788  \Device\Harddisk0\DR0\Partition2 - ok
23:25:37.0934 2788  ============================================================
23:25:37.0934 2788  Scan finished
23:25:37.0934 2788  ============================================================
23:25:37.0965 1416  Detected object count: 3
23:25:37.0965 1416  Actual detected object count: 3
23:26:07.0496 1416  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:07.0496 1416  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:26:07.0496 1416  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:07.0496 1416  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:26:07.0496 1416  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:07.0496 1416  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:26:59.0860 2028  Deinitialize success
         
I hope you can spot something. In any case, I'm very grateful for your help.

Alt 23.12.2012, 00:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That looks fairly inconspicuous, but I think there is still something there. Please create a log with CF.

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 23.12.2012, 00:23   #11
Dirk3127
 

Now I have to ask:

CF reports:
Quote:
ComboFix hat festgestellt das folgende Real-Time-Scanner aktiv sind:

antivirus: Avira Desktop
antispyware: Avira Desktop

Antivirus und Eindringling Schutzprogramme sind dafuer bekannt, dass sie die Arbeit von ComboFix behindern. Dies kann zu unvorhersehbaren Ergebnissen oder eventuellen. PC Schaden fuehren. Bitte deaktiviere diese Scanner, bevor Du auf 'OK' klickst.
I assumed that if I set Avira's real-time scanner to disabled, Avira is practically switched off. How should I proceed now? Stop the Avira services in the Windows services management?

Alt 23.12.2012, 00:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

If real-time protection is disabled (umbrella closed), that's fine and you can ignore the warning.
As far as I know this is a bug in AntiVir, because it apparently doesn't always report its status cleanly to the Windows Security Center, and many tools rely on that, not just CF.

Alt 23.12.2012, 00:47   #13
Dirk3127
 

All right. It seems to have gone well. Here is the ComboFix log:

ComboFix.txt
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-22.02 - Marie 23.12.2012   0:28.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3069.2180 [GMT 1:00]
ausgeführt von:: c:\users\Marie\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marie\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-22 bis 2012-12-22  ))))))))))))))))))))))))))))))
.
.
2012-12-22 23:32 . 2012-12-22 23:34	--------	d-----w-	c:\users\Marie\AppData\Local\temp
2012-12-22 14:07 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 14:07 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 13:24 . 2012-12-22 22:11	--------	d-----r-	c:\users\Marie\Dropbox
2012-12-22 13:22 . 2012-12-22 23:34	--------	d-----w-	c:\users\Marie\AppData\Roaming\Dropbox
2012-12-17 07:23 . 2012-12-22 13:26	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-12-17 07:23 . 2012-12-22 20:57	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2012-12-17 07:22 . 2012-12-17 07:22	--------	d-----w-	c:\users\Marie\AppData\Local\Programs
2012-12-17 07:15 . 2012-12-17 07:15	--------	d-----w-	c:\users\Marie\AppData\Roaming\Avira
2012-12-17 07:09 . 2012-11-27 09:01	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-17 07:09 . 2012-11-22 14:51	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-12-17 07:09 . 2012-11-22 14:50	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-17 07:09 . 2012-12-17 07:09	--------	d-----w-	c:\programdata\Avira
2012-12-17 07:09 . 2012-12-17 07:09	--------	d-----w-	c:\program files\Avira
2012-12-06 16:14 . 2012-12-06 16:14	114688	--sha-r-	c:\windows\system32\3DAudiou.dll
2012-12-04 15:27 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EEE0EDE-C311-4AC1-8531-67D2C518D59B}\mpengine.dll
2012-12-02 14:18 . 2012-12-02 14:18	--------	d-----w-	c:\program files\iPod
2012-12-02 14:18 . 2012-12-02 14:18	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-02 14:18 . 2012-12-02 14:18	--------	d-----w-	c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 15:31 . 2012-05-07 13:19	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-12 15:31 . 2011-11-24 20:44	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 07:39 . 2012-11-28 09:21	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-17 13:03	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-17 13:03	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-03 16:58 . 2012-11-17 13:03	1293680	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-17 13:03	242176	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-17 13:03	52224	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-17 13:03	175104	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-17 13:03	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-17 13:03	156672	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-17 13:03	499712	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-17 13:03	35328	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-17 13:03	78336	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-06-08 958392]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
.
c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2012-03-02 14:18	3402376	----a-w-	c:\program files\Origin\Origin.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 15:31]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 13:04]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 13:04]
.
2012-12-22 c:\windows\Tasks\Rmdhlbjksp.job
- c:\windows\system32\3DAudiou.dll [2012-12-06 16:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-HTC Sync Loader - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
AddRemove-EADM - c:\program files\Electronic Arts\EADM\Uninstall.exe
AddRemove-OnlineFotoservice - c:\users\Marie\Downloads\OnlineFotoservice\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1992)
c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-23  00:38:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-22 23:38
.
Vor Suchlauf: 8 Verzeichnis(se), 255.894.163.456 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 256.153.292.800 Bytes frei
.
- - End Of File - - 96A6C629215388DC2AFE29ACE1B34184
         
--- --- ---

23.12.2012, 00:59   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Has the Security Center shown any improvement by now?


1. Info with FSS

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • SecurityCenter / ActionCenter
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.
Please post its contents here.


2. adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click "Suche" (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

23.12.2012, 01:10   #15
Dirk3127
 
So, the Security Center is still disabled. But I haven't tried to turn it back on manually yet. Should I try that?

The computer also just behaved strangely. Aero suddenly deactivated itself. That is, the transparency effects in the taskbar and in the windows were gone. The computer was just sitting next to me. I didn't do anything to it. After I closed the open Explorer window, the transparency was back?! Very strange.

Here is the AdwCleaner log:

AdwCleaner[R1].txt
Code:
# AdwCleaner v2.101 - Datei am 23/12/2012 um 01:03:14 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Marie - MARIES-NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marie\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Schlüssel Gefunden : HKLM\Software\Web Assistant
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1656 octets] - [23/12/2012 01:03:14]

########## EOF - C:\AdwCleaner[R1].txt - [1716 octets] ##########
         
