
All kinds of pests and how to fight them: TR/Crypt.ZPACK.GEN8 in C:\Windows\System32\wmidxu.dll found and quarantined by Avira

Windows 7

15.01.2013, 11:17   #1
Dakur
 

Hello everyone,

Yesterday I downloaded a file from a supposedly trustworthy site, but it could not be installed because Avira detected the trojan and placed it in quarantine. Something nevertheless seems to have installed itself, because since then the Windows Security Center and the Avira Control Center can no longer be activated. In addition, Google searches kept redirecting me to wrong web addresses (including ihavenet.com).
This has now stopped after I scanned all of my files with Avira, and I hope I have now caught all parts of the trojan. Further scans with ESET Online Scan and Malwarebytes Anti-Malware found no further infected files after the quarantine. Unfortunately, I cannot get Avira to produce a file that describes the trojan in more detail.
Now I would like to get rid of this trojan as quickly as possible, and I need your help with that. Unfortunately, I cannot format my netbook, because firstly I have no CD drive and secondly I do not have the matching CD.

Many thanks in advance for your efforts
Dakur

OTL.txt
Code:
OTL logfile created on: 1/15/2013 1:36:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Danny\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.12 Mb Total Physical Memory | 491.21 Mb Available Physical Memory | 48.44% Memory free
1.99 Gb Paging File | 1.13 Gb Available in Paging File | 56.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 55.73 Gb Free Space | 55.73% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 30.19 Gb Free Space | 25.61% Space Free | Partition Type: NTFS
 
Computer Name: DANNY-PC | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/01/15 01:29:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
PRC - [2012/12/11 16:07:46 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/12/11 16:07:33 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/12/11 16:07:31 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/12/11 16:07:31 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/28 06:47:44 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/05/17 22:49:26 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010/04/16 16:56:44 | 000,644,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/04/03 01:45:20 | 000,407,552 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010/04/02 00:52:34 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/02/04 13:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/09/11 19:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/06/19 09:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/15 16:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/10 10:59:15 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/10 10:58:19 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 10:23:54 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa0c82eddc6cc12961a92835f777dcc0\System.Web.Services.ni.dll
MOD - [2013/01/10 10:23:16 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/10 10:23:14 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/10 10:23:11 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/10 10:21:12 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/10 10:20:34 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 10:20:18 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013/01/10 10:18:57 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 10:18:42 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 10:18:38 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 10:18:07 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/03/31 18:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/05/28 07:05:49 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2010/05/28 07:05:48 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/03/16 02:48:46 | 000,148,816 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\EcaremeDLL.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/05/28 22:02:28 | 000,054,272 | ---- | M] () -- C:\Program Files\BatteryBar\BarExplorerHook.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/01/10 20:10:31 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 22:10:34 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/11 16:07:46 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/11 16:07:31 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/04/16 16:56:44 | 000,644,384 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/15 16:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/12/11 16:07:50 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/11 16:07:50 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/13 17:16:36 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/08/19 11:25:25 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV - [2011/08/19 11:25:25 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV - [2011/08/19 11:25:25 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV - [2011/08/19 11:25:25 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010/04/22 04:59:09 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/19 06:43:57 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2010/03/31 02:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010/03/23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/12/15 03:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/15 03:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009/07/13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/06 14:33:40 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2009/07/06 14:30:58 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/06/09 17:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010/04/01 13:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/10 20:10:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/10 20:10:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011/08/15 21:48:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/08/17 00:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions
[2010/08/17 00:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/11/25 20:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions
[2012/07/19 16:41:16 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf}
[2011/03/12 22:38:07 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions\personas@christopher.beard
[2012/11/25 20:00:10 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\xnh2q9it.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/08/15 21:48:38 | 000,001,123 | ---- | M] () -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\xnh2q9it.default\searchplugins\conduit.xml
[2013/01/10 20:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013/01/10 20:10:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010/04/01 13:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNET-MANAGER\BIN\ADDON
[2013/01/10 20:10:31 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/17 19:00:14 | 000,170,624 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/10/24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/10/24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/10/24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.30.3.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{983A5790-0C7D-48E8-BE1E-1DD96D3025A2}: DhcpNameServer = 172.30.3.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/15 01:29:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2013/01/14 20:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/10 20:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/08 20:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/15 01:33:24 | 000,000,000 | ---- | M] () -- C:\Users\Danny\defogger_reenable
[2013/01/15 01:30:36 | 000,365,568 | ---- | M] () -- C:\Users\Danny\Desktop\gmer-2.0.18444.exe
[2013/01/15 01:29:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2013/01/15 01:28:36 | 000,050,477 | ---- | M] () -- C:\Users\Danny\Desktop\Defogger.exe
[2013/01/15 01:10:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/14 17:10:12 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 17:10:12 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 17:02:16 | 000,000,302 | ---- | M] () -- C:\windows\tasks\Zzfyf.job
[2013/01/14 17:02:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/14 17:01:56 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 10:15:43 | 000,288,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/01/10 10:04:23 | 000,659,448 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/01/10 10:04:23 | 000,620,594 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/01/10 10:04:23 | 000,132,728 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/01/10 10:04:23 | 000,108,518 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/01/09 22:23:30 | 000,118,879 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 22 - 22102010 Bachelorprüfungsordnung Phil Fak 4 Satzung zur Änderung.pdf
[2013/01/09 22:22:31 | 001,647,871 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 46 - 30092009 Bachelorstudiengänge 3 Satzung zur Änderung der Neufassung der.pdf
[2013/01/09 22:21:54 | 000,053,596 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 25 - 15052009 Bachelorprüfungsordnung Phil Fak 2 Satzung zur Änderung der N.pdf
[2013/01/09 22:16:10 | 002,050,882 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 35 - 08102007 Bachelorprüfungsordnung Phil Fak Neufassung.pdf
[2013/01/04 10:40:51 | 000,040,752 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 06 - 14032006 Satzung der Ethikkommission Med Fak.pdf
[2013/01/04 10:40:26 | 000,720,571 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 25 - 05102006 Bachelorstudiengänge der Phil Fak Prüfungsordnung.pdf
[2012/12/30 19:38:48 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012/12/30 15:51:14 | 000,069,206 | ---- | M] () -- C:\Users\Danny\Desktop\Merkblatt_Einzureichende_Belege_ab_VZ2011_Ansichts-PDF.pdf
 
========== Files Created - No Company Name ==========
 
[2013/01/15 01:33:24 | 000,000,000 | ---- | C] () -- C:\Users\Danny\defogger_reenable
[2013/01/15 01:30:36 | 000,365,568 | ---- | C] () -- C:\Users\Danny\Desktop\gmer-2.0.18444.exe
[2013/01/15 01:28:34 | 000,050,477 | ---- | C] () -- C:\Users\Danny\Desktop\Defogger.exe
[2013/01/14 12:45:22 | 000,000,302 | ---- | C] () -- C:\windows\tasks\Zzfyf.job
[2013/01/09 22:23:30 | 000,118,879 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 22 - 22102010 Bachelorprüfungsordnung Phil Fak 4 Satzung zur Änderung.pdf
[2013/01/09 22:22:29 | 001,647,871 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 46 - 30092009 Bachelorstudiengänge 3 Satzung zur Änderung der Neufassung der.pdf
[2013/01/09 22:21:54 | 000,053,596 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 25 - 15052009 Bachelorprüfungsordnung Phil Fak 2 Satzung zur Änderung der N.pdf
[2013/01/09 22:16:07 | 002,050,882 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 35 - 08102007 Bachelorprüfungsordnung Phil Fak Neufassung.pdf
[2013/01/04 10:40:50 | 000,040,752 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 06 - 14032006 Satzung der Ethikkommission Med Fak.pdf
[2013/01/04 10:40:26 | 000,720,571 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 25 - 05102006 Bachelorstudiengänge der Phil Fak Prüfungsordnung.pdf
[2012/12/30 19:38:48 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012/12/30 15:50:58 | 000,069,206 | ---- | C] () -- C:\Users\Danny\Desktop\Merkblatt_Einzureichende_Belege_ab_VZ2011_Ansichts-PDF.pdf
[2012/10/19 00:37:36 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll
[2012/10/19 00:37:36 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe
[2011/07/04 15:32:45 | 000,007,621 | ---- | C] () -- C:\Users\Danny\AppData\Local\Resmon.ResmonCfg
[2011/04/21 08:46:39 | 000,393,256 | ---- | C] () -- C:\windows\System32\CNQ4809N.DAT
[2011/03/23 15:13:41 | 000,009,704 | ---- | C] () -- C:\windows\HCWPNP.INI
[2010/05/28 06:50:35 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/08/17 19:42:09 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Asus
[2010/05/28 07:06:05 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\ASUS WebStorage
[2012/09/04 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\BatteryBar
[2012/05/09 23:29:07 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Broken Sword 2.5
[2011/11/24 20:47:25 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Canon
[2010/08/17 00:49:36 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/08/18 16:17:58 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\DeltaVision
[2012/11/26 13:22:49 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Dropbox
[2010/08/17 01:38:06 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\EeeStorageUploader
[2012/01/02 14:02:14 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\elsterformular
[2012/10/19 13:16:05 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\FreePDF
[2010/12/27 12:06:37 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\GetRightToGo
[2010/08/17 01:17:09 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\GoBoingo
[2010/11/13 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\ICAClient
[2012/07/24 07:31:03 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Internet-Manager
[2010/12/27 12:09:06 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\MS-Buchhalter
[2011/08/15 21:48:25 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\OCS
[2010/08/18 07:48:41 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\OpenOffice.org
[2011/08/15 21:48:39 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Opera
[2011/09/28 15:17:01 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Rovio
[2011/05/17 21:55:28 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\SoftGrid Client
[2011/08/01 22:49:24 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Swiss Academic Software
[2011/06/26 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Synaptics
[2010/08/17 01:38:28 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\temp
[2010/08/17 00:09:00 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Thunderbird
[2011/05/13 12:15:30 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\TP
[2010/08/18 21:24:40 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Windows Live Writer
[2012/08/14 14:25:41 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\yWorks
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
         
EXTRAS.txt
Code:
OTL Extras logfile created on: 1/15/2013 1:36:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Danny\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.12 Mb Total Physical Memory | 491.21 Mb Available Physical Memory | 48.44% Memory free
1.99 Gb Paging File | 1.13 Gb Available in Paging File | 56.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 55.73 Gb Free Space | 55.73% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 30.19 Gb Free Space | 25.61% Space Free | Partition Type: NTFS
 
Computer Name: DANNY-PC | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.scr [@ = scrfile] -- "%1" /S "%3"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S "%3"
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D9827D-E68C-4A4D-B547-27C5276AAF5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1F02B523-A70A-4521-8F7A-E01404740443}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2EF29DF8-05B4-4F18-8F18-D4DA7CE99308}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{3F15569D-A990-4D60-8326-AB55DF0F6269}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{44F30C2C-CE31-4718-91EA-90BF79F345A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{606A869D-535C-4168-8D3C-24BB9C53E868}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6E6299B2-885E-4471-9DA3-7E29B97DF87E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7AC75C99-C85A-4477-83F8-D997E30B0B1A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7CC8D969-6294-4FD2-BA04-C9CA60D3FD24}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7EB19E55-7D19-4D2F-91E4-616F3B75C560}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8C85562E-1268-438A-987D-4653E7DE1998}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9189FDB7-0F60-4908-B508-6130B7218258}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{98A04DAA-33EA-4072-83AE-0A28D2597E45}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9A4E19BF-A3F7-4545-8DE2-3F8370CB8ADB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A0D91D61-B780-4B5E-B7A6-F4A7F3F94AC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A201FC9F-0B87-4AAE-88C6-80B7722C7E49}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{A90BCA1A-751B-4A2E-B2AB-4EE026B8DA17}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AE6079B6-C825-4B5C-99FC-A64C2E4C90CB}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{B083AE7B-D4C5-4E88-A094-9980757C5F96}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B404BAD4-7943-4FFD-B96E-DE0E99482E28}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BA1E8C6A-C8EC-41EB-8EBF-3EA5B5BB1B12}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BF1DD50F-9977-4324-B735-5C7C671C1483}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CA7192D2-FC1C-4C78-8B67-EB3A8012B8F5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E156E7AD-C325-4FE8-8535-35F5D5DC0231}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E87D5E42-F192-4B89-8043-4EDFDE0B5163}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F4C27420-1C5E-4414-80EF-4ED97A3F1A6A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F5A4E98C-03D8-41DF-8300-C9DF24636CE7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{FD20F2E3-A591-4139-9004-566DA8B82ED6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0517116C-D0E8-446C-9C72-98123591A900}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0ACD9B26-9673-4C28-8AF3-D10D8AA61A35}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{241089C1-E410-4CF4-B48B-83884243BCFD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{26BBAD95-E06E-449D-A416-E3CA0E08433B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{28FC1FEB-090C-49D2-BDDF-CDE888044866}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{2D6EFA0F-7B28-41B7-995D-AFC2345914A1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{32CA4C7C-C449-4B03-BE7F-C99E1B79B825}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{3EBA39D7-7BB4-4ADD-A61B-DA6307CD1063}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{48585F49-2409-46D6-B375-A4A5D2AC14DF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{52A610A9-10A2-42EB-8B0A-169818C1C967}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{78922A2F-9BE4-4294-AF0E-67F3281DF894}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A143D63E-5D1C-42A0-9E82-3893F22F195F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A247D571-E068-4F61-95D0-EBA8528955DB}" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A852C37D-A086-4679-98BC-B03E751601AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AEB71E96-77D9-4C0F-AD7D-5FBAA896E132}" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AEC030CA-707B-4096-93CF-15CB1864B35E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BA5A977C-EE74-4850-BFDF-B786688E8B0E}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{C1AC876F-D3C3-4E4E-97F9-F5D0734E35C7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{CF73E322-2C16-483A-B54C-FD0920A8F599}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{EEDD54AB-9237-4512-A167-B8393C321B12}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F309993C-29DE-49E3-BA03-16288AD5C542}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{3BFCAEA8-2FF6-4F74-B368-54600AA6D82B}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe | 
"TCP Query User{A02200B6-46B5-4E85-B1B5-6F54F4F319EE}C:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C384783C-A4D5-44CC-9C50-7C6316CD530A}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe | 
"UDP Query User{9B2D190F-942D-42EB-994E-E396F5A6868D}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe | 
"UDP Query User{A10B38BD-61BD-4F2B-8376-3E786C845DF3}C:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FA5C925D-06D0-4047-AB1C-3550B015D68C}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC7CCB3C-8E86-4165-9363-30B7CCCD9742}" = Angry Birds Rio
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"3309-7404-0599-8908" = yEd Graph Editor 3.10
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"BatteryBar" = BatteryBar (remove only)
"Broken Sword 2.5_is1" = Broken Sword 2.5
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"Dirty Split" = Dirty Split (remove only)
"Eee Docking_is1" = Eee Docking 3.7.0
"ElsterFormular" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"Eye of the Kraken_is1" = Eye of the Kraken
"FormatFactory" = FormatFactory 2.96
"GPL Ghostscript 9.04" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Im Dschungel der kleinsten Teilchen" = Im Dschungel der kleinsten Teilchen
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Intel AppUp(SM) center 28264" = Intel AppUp(SM) center
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MS-Buchhalter Start" = MS-Buchhalter Start 3.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OOBERegBackup_is1" = OOBERegBackup
"Opera 12.01.1532" = Opera 12.01
"Patrimonium_is1" = Patrimonium 1.04
"Pushy & the magic blocks_is1" = Pushy 1.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ScreenSaverPatch_is1" = ScreenSaverPatch
"Sudoku Generator" = Sudoku Generator 2.63
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/6/2012 3:50:47 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 2/17/2012 4:36:46 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 2/17/2012 6:46:27 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 2/17/2012 8:10:29 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 2/18/2012 2:14:44 PM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 3/10/2012 6:24:34 PM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 3/15/2012 4:26:36 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 3/19/2012 2:21:33 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 4/3/2012 8:18:40 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 4/3/2012 10:25:16 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
[ System Events ]
Error - 1/10/2013 6:22:47 AM | Computer Name = Danny-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 1/10/2013 6:26:40 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 1/10/2013 2:21:19 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 1/13/2013 3:21:06 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 1/13/2013 5:41:34 PM | Computer Name = Danny-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 1/14/2013 7:14:38 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 1/14/2013 11:23:56 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 1/14/2013 12:03:03 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 1/14/2013 12:03:21 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 1/14/2013 12:03:21 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         
Gmer.log (unfortunately I can't get a .txt file)
Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-15 02:33:47
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0003 232,89GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Danny\AppData\Local\Temp\fgloapog.sys


---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                                                                                           81C54A49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                                             81C8E4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd61e3759                                                                                                                                                        
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da05c07                                                                                                                                                        
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd61e3759 (not active ControlSet)                                                                                                                                    
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da05c07 (not active ControlSet)                                                                                                                                    
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk  1
Reg    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk                          1

---- EOF - GMER 2.0 ----
         
Malwarebytes
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.15.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Danny :: DANNY-PC [Administrator]

15.01.2013 09:52:23
mbam-log-2013-01-15 (09-52-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 315302
Laufzeit: 1 Stunde(n), 55 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

18.01.2013, 14:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
since Avira detected the Trojan and placed it in quarantine.
Fine, and where are the logs for that?

Such information is not enough; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags if possible.
Quote:
Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

18.01.2013, 20:59   #3
Dakur
 
Hello Cosinus,

Thanks in advance for your help. I would love to provide you with log files. Unfortunately I don't know how I am supposed to get a log file of the Trojan. In Avira, no log file was saved under the Trojan's entry in the report. Furthermore, since the isolation I can no longer run a new scan with Avira, because, as described above, the Avira Control Center no longer works, and the other scan programs no longer detect the Trojan in quarantine. Do I now have to restore the Trojan in order to get a log file, so that I can detect it with e.g. Malwarebytes? I thought the other programs and the log files they created would be enough to prove the Trojan's presence.
Now I am unfortunately somewhat at a loss as to how I am supposed to get a log file of the Trojan.

Best regards
Dakur

20.01.2013, 18:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK, then no logs from Avira
Do you have any further ones from Malwarebytes, any with detections? If so, please post them all!

21.01.2013, 11:46   #5
Dakur
 
Attached now, unexpectedly after all, is a log file from Avira. If this data should not be enough, I can run a full system scan, but then the log file becomes so large that I can no longer paste it here. In addition, I have posted the event text of the isolation and a kind of quarantine report for you. Perhaps these will help you further as well.

Avira log file
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 21. Januar 2013  06:37


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Starter
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : DANNY-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.2890    48567 Bytes  05.12.2012 17:11:00
AVSCAN.EXE     : 13.6.0.402    639264 Bytes  11.12.2012 15:07:33
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  11.12.2012 15:07:33
LUKE.DLL       : 13.6.0.400     67360 Bytes  11.12.2012 15:07:46
AVSCPLR.DLL    : 13.6.0.402     93984 Bytes  11.12.2012 09:03:34
AVREG.DLL      : 13.6.0.406    248096 Bytes  11.12.2012 09:03:34
avlode.dll     : 13.6.1.402    428832 Bytes  11.12.2012 09:03:34
avlode.rdf     : 13.0.0.26       7958 Bytes  11.12.2012 09:03:34
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 13:50:29
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 13:50:31
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 13:50:34
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 13:50:36
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 13:50:37
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 13:42:40
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 13:42:40
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 18:57:42
VBASE008.VDF   : 7.11.55.142  2214912 Bytes  03.01.2013 11:31:58
VBASE009.VDF   : 7.11.55.143     2048 Bytes  03.01.2013 11:31:58
VBASE010.VDF   : 7.11.55.144     2048 Bytes  03.01.2013 11:31:58
VBASE011.VDF   : 7.11.55.145     2048 Bytes  03.01.2013 11:31:58
VBASE012.VDF   : 7.11.55.146     2048 Bytes  03.01.2013 11:31:58
VBASE013.VDF   : 7.11.55.196   260096 Bytes  04.01.2013 09:18:46
VBASE014.VDF   : 7.11.56.23    206848 Bytes  07.01.2013 19:21:53
VBASE015.VDF   : 7.11.56.83    186880 Bytes  08.01.2013 19:21:53
VBASE016.VDF   : 7.11.56.145   135168 Bytes  09.01.2013 20:58:27
VBASE017.VDF   : 7.11.56.211   139776 Bytes  11.01.2013 19:25:33
VBASE018.VDF   : 7.11.57.11    153088 Bytes  13.01.2013 19:25:34
VBASE019.VDF   : 7.11.57.75    165888 Bytes  15.01.2013 20:36:45
VBASE020.VDF   : 7.11.57.163   190976 Bytes  17.01.2013 20:07:08
VBASE021.VDF   : 7.11.57.219   119808 Bytes  18.01.2013 20:24:28
VBASE022.VDF   : 7.11.57.220     2048 Bytes  18.01.2013 20:24:28
VBASE023.VDF   : 7.11.57.221     2048 Bytes  18.01.2013 20:24:28
VBASE024.VDF   : 7.11.57.222     2048 Bytes  18.01.2013 20:24:28
VBASE025.VDF   : 7.11.57.223     2048 Bytes  18.01.2013 20:24:28
VBASE026.VDF   : 7.11.57.224     2048 Bytes  18.01.2013 20:24:28
VBASE027.VDF   : 7.11.57.225     2048 Bytes  18.01.2013 20:24:28
VBASE028.VDF   : 7.11.57.226     2048 Bytes  18.01.2013 20:24:28
VBASE029.VDF   : 7.11.57.227     2048 Bytes  18.01.2013 20:24:28
VBASE030.VDF   : 7.11.57.228     2048 Bytes  18.01.2013 20:24:29
VBASE031.VDF   : 7.11.57.250   115200 Bytes  20.01.2013 19:46:40
Engineversion  : 8.2.10.232
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 13:42:55
AESCRIPT.DLL   : 8.1.4.82      467323 Bytes  17.01.2013 20:07:09
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 16:24:51
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 18:26:21
AEPACK.DLL     : 8.3.1.2       819574 Bytes  20.12.2012 22:34:16
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 15:21:29
AEHEUR.DLL     : 8.1.4.174    5615991 Bytes  10.01.2013 18:26:20
AEHELP.DLL     : 8.1.25.2      258423 Bytes  17.10.2012 09:22:33
AEGEN.DLL      : 8.1.6.14      434548 Bytes  10.01.2013 18:26:16
AEEXP.DLL      : 8.3.0.10      188789 Bytes  17.01.2013 20:07:09
AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 13:42:55
AECORE.DLL     : 8.1.30.0      201079 Bytes  13.12.2012 16:24:49
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 15:21:12
AVWINLL.DLL    : 13.4.0.163     25888 Bytes  19.09.2012 17:09:30
AVPREF.DLL     : 13.4.0.360     50464 Bytes  11.12.2012 15:07:32
AVREP.DLL      : 13.4.0.360    177952 Bytes  11.12.2012 09:03:34
AVARKT.DLL     : 13.6.0.402    260384 Bytes  11.12.2012 15:07:25
AVEVTLOG.DLL   : 13.6.0.400    167200 Bytes  11.12.2012 15:07:28
SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 17:17:40
AVSMTP.DLL     : 13.4.0.163     62240 Bytes  19.09.2012 17:08:54
NETNT.DLL      : 13.4.0.360     15648 Bytes  11.12.2012 15:07:46
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  11.12.2012 15:07:23
RCTEXT.DLL     : 13.4.0.360     68384 Bytes  11.12.2012 15:07:23

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Schnelle Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\quicksysscan.avp
Protokollierung.......................: erweitert
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PCK,

Beginn des Suchlaufs: Montag, 21. Januar 2013  06:37

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'CapsHook.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SuperHybridEngine.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotkeyService.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotKeyMon.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsScrPro.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '235' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ScrybeUpdater.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsusService.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '159' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\windows\system32\
C:\Program Files\asus\OOBERegBackup\
C:\Program Files\ASUS\ATK Hotkey\
C:\Program Files\ASUS\ATKOSD2\
C:\windows\system32\
C:\Program Files\EeePC\HotkeyService\
C:\Program Files\EeePC\CapsHook\
C:\Program Files\EeePC\SHE\
C:\Program Files\Intel\Intel Matrix Storage Manager\
C:\Program Files\ASUS\APRP\
C:\Program Files\Synaptics\SynTP\
C:\windows\
C:\Program Files\Avira\AntiVir Desktop\
C:\Program Files\Windows Sidebar\
C:\Program Files\BatteryBar\
C:\windows\
C:\windows\system32\
C:\Program Files\Windows Mail\
C:\windows\system32\
C:\windows\
C:\windows\system32\
C:\Program Files\Tracker Software\Shell Extensions\
C:\windows\system32\
C:\Program Files\Avira\AntiVir Desktop\
C:\Program Files\Malwarebytes' Anti-Malware\
C:\Program Files\WIDCOMM\Bluetooth Software\
C:\windows\system32\
C:\Program Files\ASUS\ASUS WebStorage\SERVICE\
C:\windows\WindowsMobile\
C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\
C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ffdshow\
C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\
C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\Haali\
C:\Program Files\FreeTime\FormatFactory\FFModules\AviSynthPlugins\
C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
C:\Program Files\Java\jre7\bin\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\
C:\windows\system32\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\
C:\windows\system32\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\
C:\windows\system32\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\
C:\windows\system32\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\
C:\windows\system32\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\
C:\Program Files\CCleaner\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\
C:\Program Files\CCleaner\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\
C:\Users\Danny\AppData\Roaming\Dropbox\bin\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\
C:\Users\Danny\AppData\Roaming\Dropbox\bin\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\
C:\Program Files\FreeTime\FormatFactory\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\
C:\windows\system32\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\
C:\Program Files\FreeTime\FormatFactory\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yEd Graph Editor\
C:\Program Files\yWorks\yEd\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yEd Graph Editor\
C:\Program Files\yWorks\yEd\
C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\
C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\
C:\windows\Speech\Common\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\
C:\windows\System32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\
C:\windows\system32\migwiz\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\
C:\windows\system32\migwiz\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\
C:\windows\system32\WindowsPowerShell\v1.0\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\
C:\windows\system32\WindowsPowerShell\v1.0\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\
C:\Program Files\Windows NT\Accessories\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\windows\system32\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS VIBE\
Die Registry wurde durchsucht ( '4488' Dateien ).



Ende des Suchlaufs: Montag, 21. Januar 2013  06:39
Benötigte Zeit: 01:24 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   5121 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
   5121 Dateien ohne Befall
     28 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
         
Quarantine report
Code:
ATTFilter

Typ:	Datei
Quelle:	C:\Windows\System32\wmidxu.dll
Status:	Infiziert
Quarantäne-Objekt:	59f2d647.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.232
Virendefinitionsdatei:	7.11.57.230
Meldung:	TR/Crypt.ZPACK.Gen8
Datum/Uhrzeit:	18.01.2013, 21:37


Typ:	Datei
Quelle:	C:\Windows\System32\wmidxu.dll
Status:	Infiziert
Quarantäne-Objekt:	45e64408.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.230
Virendefinitionsdatei:	7.11.57.44
Meldung:	TR/Crypt.ZPACK.Gen8
Datum/Uhrzeit:	14.01.2013, 12:47


Typ:	Datei
Quelle:	C:\Windows\System32\wmidxu.dll
Status:	Infiziert
Quarantäne-Objekt:	5d716040.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.230
Virendefinitionsdatei:	7.11.57.44
Meldung:	TR/Crypt.ZPACK.Gen8
Datum/Uhrzeit:	14.01.2013, 12:47
         
Event text
Code:
ATTFilter
Exportierte Ereignisse:

Exportierte Ereignisse:

14.01.2013 22:21 [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\System32\wmidxu.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59f2d647.qua' 
      verschoben!

14.01.2013 12:47 [System-Scanner] Malware gefunden
      Die Datei 'C:\Windows\System32\wmidxu.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Die Datei konnte nicht gelöscht werden!

14.01.2013 12:45 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\System32\wmidxu.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         


Edited by Dakur (21.01.2013 at 11:52). Reason: added the event text

21.01.2013, 12:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please run only the scans a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting log files and other requests

Note:
If I have not been in touch for three days, please post in this thread => Reminder about my thread.
Annoying "when do we continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

21.01.2013, 12:51   #7
Dakur
 



Here is the combofix log file. Somehow I could not switch AntiVir off completely. I did, however, turn off the real-time scanner and all the antispy functions. There were no warning messages. I hope the program was able to work unhindered.

Code:
ATTFilter
ComboFix 13-01-21.01 - Danny 21.01.2013  13:20:30.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.418 [GMT 1:00]
ausgeführt von:: c:\users\Danny\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\FullRemove.exe
c:\users\Danny\4.0
c:\users\Danny\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-21 bis 2013-01-21  ))))))))))))))))))))))))))))))
.
.
2013-01-21 12:34 . 2013-01-21 12:34	--------	d-----w-	c:\users\Danny\AppData\Local\temp
2013-01-21 12:34 . 2013-01-21 12:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-15 22:37 . 2013-01-15 22:37	--------	d-----w-	c:\users\Danny\AppData\Local\Tracker Software
2013-01-15 22:31 . 2013-01-12 02:30	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-15 01:55 . 2013-01-15 01:55	--------	d-----w-	c:\users\Danny\AppData\Roaming\Malwarebytes
2013-01-15 01:54 . 2013-01-15 01:54	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-15 01:54 . 2013-01-15 01:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-01-15 01:54 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-15 01:54 . 2013-01-15 01:54	--------	d-----w-	c:\users\Danny\AppData\Local\Programs
2013-01-14 19:09 . 2013-01-14 19:09	--------	d-----w-	c:\program files\ESET
2013-01-10 07:48 . 2012-12-07 12:20	2576384	----a-w-	c:\windows\system32\gameux.dll
2013-01-10 07:47 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-10 07:47 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-01-08 19:50 . 2013-01-09 20:55	--------	d-----w-	c:\program files\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 21:10 . 2012-06-12 18:58	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 21:10 . 2012-06-12 18:58	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-16 14:13 . 2012-12-21 00:47	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:47	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-11 15:07 . 2012-10-17 09:18	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 15:07 . 2012-10-17 09:18	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-14 02:09 . 2012-12-12 11:42	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 11:42	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 11:42	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 11:42	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 11:42	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 11:42	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-13 16:16 . 2012-10-17 09:18	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-09 04:42 . 2012-12-12 11:22	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29	1402312	----a-w-	c:\windows\system32\msxml4.dll
2012-11-02 05:11 . 2012-12-12 11:22	376832	----a-w-	c:\windows\system32\dpnet.dll
2013-01-18 20:42 . 2013-01-18 20:41	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"OOBESetup"="c:\program files\asus\OOBERegBackup\OOBERegBackup.exe" [2009-12-11 334848]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-05-28 2018032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-05-28 3058304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MCtlSvc.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
backup=c:\windows\pss\MCtlSvc.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
backup=c:\windows\pss\Scrybe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Danny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Danny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Danny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
path=c:\users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS WebStorage]
2010-03-16 01:48	1754448	----a-w-	c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-12-11 15:07	384800	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-12-02 13:12	1316248	----a-w-	c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2010-03-29 23:29	415920	----a-w-	c:\program files\ASUS\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center]
2011-11-01 16:52	1328	----a-w-	c:\program files\Intel\IntelAppStore\bin\ismagent.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center_Nagware]
2011-11-01 16:52	2205	----a-w-	c:\program files\Intel\IntelAppStore\bin\AppUp.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2010-03-03 05:21	29184	----a-w-	c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM]
2011-08-15 20:48	106496	----a-w-	c:\users\Danny\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-09-06 11:12	162408	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-04-22 03:57	8546848	------w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17	1174016	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21	648072	----a-w-	c:\windows\WindowsMobile\wmdc.exe
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 21:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - (no file)
Toolbar-Locked - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Boingo Wi-Fi - c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe
MSConfigStartUp-FreePDF Assistant - c:\program files\FreePDF_XP\fpassist.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-UCam_Menu - c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-21  13:38:24
ComboFix-quarantined-files.txt  2013-01-21 12:38
.
Vor Suchlauf: 7 Verzeichnis(se), 65.548.406.784 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 65.533.534.208 Bytes frei
.
- - End Of File - - 7CA61A5D03D796AB76F4E2B2C9F89CC3
         

21.01.2013, 13:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the newly created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


22.01.2013, 09:37   #9
Dakur

Here is the report text from Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.22.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Danny :: DANNY-PC [administrator]

22.01.2013 10:33:44
mbar-log-2013-01-22 (10-33-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27627
Time elapsed: 19 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

22.01.2013, 09:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save the log to your desktop.
Post the aswMBR.txt in your next reply.
Important: Under no circumstances press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If that does not work either, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition ( usually drive C: ); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

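A way to triage the kind of TDSS-Killer log requested in the post above, as an added example that is not part of the original post and not the tool's own code. The sample lines are copied (abridged) from the TDSSKiller log posted later in this thread; the function names `parse_log` and `triage` and the line patterns are assumptions derived from that log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied (abridged) from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
11:31:08.0496 3272  Scan started
11:31:08.0496 3272  Mode: Manual; SigCheck; TDLFS;
11:31:08.0777 3272  ================ Scan system memory ========================
11:31:08.0777 3272  System memory - ok
11:31:08.0777 3272  ================ Scan services =============================
11:31:09.0261 3272  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
11:31:09.0323 3272  ACPI - ok
11:31:12.0927 3272  [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService     C:\Windows\System32\AsusService.exe
11:31:12.0958 3272  AsusService ( UnsignedFile.Multi.Generic ) - warning
11:31:12.0958 3272  AsusService - detected UnsignedFile.Multi.Generic (1)
11:31:16.0593 3272  [ 70CD6D71FC48BBBD1385D7B35AEADECC ] BMLoad          C:\windows\system32\drivers\BMLoad.sys
11:31:16.0842 3272  BMLoad ( UnsignedFile.Multi.Generic ) - warning
11:31:16.0842 3272  BMLoad - detected UnsignedFile.Multi.Generic (1)
11:31:20.0212 3272  catchme - ok
11:31:26.0234 3272  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:31:26.0265 3272  FontCache3.0.0.0 - ok
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s*(.*)$")   # time, thread id, message
SECTION = re.compile(r"^=+ ([^=]+?) =+$")                     # "==== Scan services ===="
MODE = re.compile(r"^Mode:\s*(.*)$")                          # enabled scan options
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
RESULT = re.compile(r"^(.+?)(?: \( (\S+) \))? - (\w+)$")      # "name ( verdict ) - status"


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # hash printed in the "[ ... ]" line
    path: Optional[str] = None     # file the service or driver points to
    status: Optional[str] = None   # "ok", "warning", ...
    verdict: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic


def parse_log(text: str) -> Tuple[List[str], Dict[str, Dict[str, Entry]]]:
    """Return the scan modes and, per log section, the entries by name."""
    modes: List[str] = []
    sections: Dict[str, Dict[str, Entry]] = {}
    current: Optional[Dict[str, Entry]] = None
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        body = line.group(1).strip()
        if (m := MODE.match(body)):
            modes = [p.strip() for p in m.group(1).split(";") if p.strip()]
        elif (m := SECTION.match(body)):
            current = sections.setdefault(m.group(1), {})
        elif current is None:
            continue  # header lines before the first scan section
        elif (m := HASHED.match(body)):
            entry = current.setdefault(m.group(2), Entry(m.group(2)))
            entry.md5, entry.path = m.group(1).upper(), m.group(3)
        elif (m := RESULT.match(body)):
            entry = current.setdefault(m.group(1), Entry(m.group(1)))
            entry.verdict, entry.status = m.group(2), m.group(3)
    return modes, sections


def triage(text: str) -> dict:
    """Summarise the service scan: what was flagged and what had no file."""
    modes, sections = parse_log(text)
    services = sections.get("Scan services", {})
    return {
        "modes": modes,
        "total": len(services),
        # UnsignedFile.* appears when signature checking (SigCheck) is on; it
        # marks an unsigned file to review, not a confirmed infection.
        "flagged": [(e.name, e.verdict, e.md5, e.path)
                    for e in services.values() if e.status not in (None, "ok")],
        # Services reported without a hash/path line: no file was examined.
        "no_file": [e.name for e in services.values() if e.md5 is None],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("modes:", ", ".join(report["modes"]))
    print("services parsed:", report["total"])
    for name, verdict, md5, path in report["flagged"]:
        print(f"REVIEW  {name}: {verdict}  {md5}  {path}")
    for name in report["no_file"]:
        print(f"NOFILE  {name}: listed without hash or path")
```

Run against a complete log, the REVIEW lines are the entries a helper would look at first, and NOFILE lists services whose file TDSS-Killer did not hash.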

22.01.2013, 10:38   #11
Dakur

Attached are the results

aswMBR
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-22 11:10:19
-----------------------------
11:10:19.236    OS Version: Windows 6.1.7601 Service Pack 1
11:10:19.236    Number of processors: 2 586 0x1C0A
11:10:19.236    ComputerName: DANNY-PC  UserName: Danny
11:10:21.342    Initialize success
11:12:48.858    AVAST engine defs: 13012101
11:13:03.459    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:13:03.459    Disk 0 Vendor: ST925031 0003 Size: 238475MB BusType: 3
11:13:03.522    Disk 0 MBR read successfully
11:13:03.522    Disk 0 MBR scan
11:13:03.615    Disk 0 Windows 7 default MBR code
11:13:03.631    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       102400 MB offset 2048
11:13:03.693    Disk 0 Partition 2 00     1B   Hidd FAT32 MSDOS5.0    15360 MB offset 209717248
11:13:03.724    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       120694 MB offset 241174528
11:13:03.787    Disk 0 Partition 4 00     EF      EFI FAT                20 MB offset 488355840
11:13:03.849    Disk 0 scanning sectors +488397168
11:13:03.943    Disk 0 scanning C:\windows\system32\drivers
11:13:25.674    Service scanning
11:14:07.700    Modules scanning
11:14:36.966    Disk 0 trace - called modules:
11:14:37.013    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
11:14:37.028    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c4f030]
11:14:37.059    3 CLASSPNP.SYS[8699559e] -> nt!IofCallDriver -> [0x84234ec8]
11:14:37.075    5 ACPI.sys[862bc3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84221028]
11:14:37.839    AVAST engine scan C:\windows
11:14:44.267    AVAST engine scan C:\windows\system32
11:20:17.920    AVAST engine scan C:\windows\system32\drivers
11:20:45.501    AVAST engine scan C:\Users\Danny
11:26:09.732    AVAST engine scan C:\ProgramData
11:26:45.596    Scan finished successfully
11:27:43.753    Disk 0 MBR has been saved successfully to "C:\Users\Danny\Desktop\MBR.dat"
11:27:43.769    The log file has been saved successfully to "C:\Users\Danny\Desktop\aswMBR.txt"
         
TDSS-Killer
Code:
ATTFilter
11:29:53.0726 2024  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:29:54.0412 2024  ============================================================
11:29:54.0412 2024  Current date / time: 2013/01/22 11:29:54.0412
11:29:54.0412 2024  SystemInfo:
11:29:54.0412 2024  
11:29:54.0412 2024  OS Version: 6.1.7601 ServicePack: 1.0
11:29:54.0412 2024  Product type: Workstation
11:29:54.0412 2024  ComputerName: DANNY-PC
11:29:54.0412 2024  UserName: Danny
11:29:54.0412 2024  Windows directory: C:\windows
11:29:54.0412 2024  System windows directory: C:\windows
11:29:54.0412 2024  Processor architecture: Intel x86
11:29:54.0428 2024  Number of processors: 2
11:29:54.0428 2024  Page size: 0x1000
11:29:54.0428 2024  Boot type: Normal boot
11:29:54.0428 2024  ============================================================
11:29:56.0253 2024  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:29:56.0253 2024  ============================================================
11:29:56.0253 2024  \Device\Harddisk0\DR0:
11:29:56.0253 2024  MBR partitions:
11:29:56.0253 2024  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
11:29:56.0253 2024  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBB000
11:29:56.0253 2024  ============================================================
11:29:56.0268 2024  C: <-> \Device\Harddisk0\DR0\Partition1
11:29:56.0315 2024  D: <-> \Device\Harddisk0\DR0\Partition2
11:29:56.0346 2024  ============================================================
11:29:56.0346 2024  Initialize success
11:29:56.0346 2024  ============================================================
11:31:08.0496 3272  ============================================================
11:31:08.0496 3272  Scan started
11:31:08.0496 3272  Mode: Manual; SigCheck; TDLFS; 
11:31:08.0496 3272  ============================================================
11:31:08.0777 3272  ================ Scan system memory ========================
11:31:08.0777 3272  System memory - ok
11:31:08.0777 3272  ================ Scan services =============================
11:31:08.0980 3272  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
11:31:09.0230 3272  1394ohci - ok
11:31:09.0261 3272  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
11:31:09.0323 3272  ACPI - ok
11:31:09.0354 3272  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
11:31:09.0448 3272  AcpiPmi - ok
11:31:09.0604 3272  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:31:09.0635 3272  AdobeARMservice - ok
11:31:09.0729 3272  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:31:09.0776 3272  AdobeFlashPlayerUpdateSvc - ok
11:31:09.0838 3272  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
11:31:09.0900 3272  adp94xx - ok
11:31:09.0947 3272  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
11:31:09.0994 3272  adpahci - ok
11:31:10.0025 3272  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
11:31:10.0072 3272  adpu320 - ok
11:31:10.0119 3272  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
11:31:10.0197 3272  AeLookupSvc - ok
11:31:10.0244 3272  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\windows\system32\drivers\afd.sys
11:31:10.0322 3272  AFD - ok
11:31:10.0368 3272  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
11:31:10.0400 3272  agp440 - ok
11:31:10.0446 3272  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
11:31:10.0493 3272  aic78xx - ok
11:31:10.0540 3272  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
11:31:10.0618 3272  ALG - ok
11:31:10.0649 3272  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
11:31:10.0696 3272  aliide - ok
11:31:10.0743 3272  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
11:31:10.0774 3272  amdagp - ok
11:31:10.0805 3272  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
11:31:10.0836 3272  amdide - ok
11:31:10.0883 3272  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
11:31:10.0961 3272  AmdK8 - ok
11:31:10.0992 3272  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
11:31:11.0055 3272  AmdPPM - ok
11:31:11.0102 3272  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\windows\system32\drivers\amdsata.sys
11:31:11.0164 3272  amdsata - ok
11:31:11.0211 3272  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
11:31:11.0258 3272  amdsbs - ok
11:31:11.0289 3272  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\windows\system32\drivers\amdxata.sys
11:31:11.0320 3272  amdxata - ok
11:31:11.0429 3272  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:31:11.0460 3272  AntiVirSchedulerService - ok
11:31:11.0507 3272  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:31:11.0538 3272  AntiVirService - ok
11:31:11.0585 3272  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\windows\system32\drivers\appid.sys
11:31:11.0757 3272  AppID - ok
11:31:11.0804 3272  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
11:31:11.0897 3272  AppIDSvc - ok
11:31:11.0944 3272  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\windows\System32\appinfo.dll
11:31:12.0053 3272  Appinfo - ok
11:31:12.0131 3272  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\DRIVERS\arc.sys
11:31:12.0178 3272  arc - ok
11:31:12.0209 3272  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
11:31:12.0256 3272  arcsas - ok
11:31:12.0334 3272  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
11:31:12.0599 3272  ASLDRService - ok
11:31:12.0630 3272  [ 561D6B76C045311691B870F6B3F19EAB ] AsUpIO          C:\windows\system32\drivers\AsUpIO.sys
11:31:12.0864 3272  AsUpIO - ok
11:31:12.0927 3272  [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService     C:\Windows\System32\AsusService.exe
11:31:12.0958 3272  AsusService ( UnsignedFile.Multi.Generic ) - warning
11:31:12.0958 3272  AsusService - detected UnsignedFile.Multi.Generic (1)
11:31:13.0005 3272  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
11:31:13.0145 3272  AsyncMac - ok
11:31:13.0192 3272  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\drivers\atapi.sys
11:31:13.0239 3272  atapi - ok
11:31:13.0301 3272  [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr            C:\windows\system32\DRIVERS\athr.sys
11:31:13.0426 3272  athr - ok
11:31:13.0504 3272  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:31:13.0644 3272  AudioEndpointBuilder - ok
11:31:13.0691 3272  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
11:31:13.0785 3272  Audiosrv - ok
11:31:13.0863 3272  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
11:31:14.0097 3272  avgntflt - ok
11:31:14.0128 3272  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
11:31:14.0378 3272  avipbb - ok
11:31:14.0409 3272  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
11:31:14.0658 3272  avkmgr - ok
11:31:14.0705 3272  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
11:31:14.0814 3272  AxInstSV - ok
11:31:14.0861 3272  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
11:31:14.0970 3272  b06bdrv - ok
11:31:15.0017 3272  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
11:31:15.0080 3272  b57nd60x - ok
11:31:15.0236 3272  [ 80D944F8240A5A80CCA5DD575AD4E6E4 ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl6.sys
11:31:15.0688 3272  BCM43XX - ok
11:31:15.0828 3272  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
11:31:15.0922 3272  BDESVC - ok
11:31:15.0969 3272  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
11:31:16.0062 3272  Beep - ok
11:31:16.0125 3272  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\windows\System32\bfe.dll
11:31:16.0265 3272  BFE - ok
11:31:16.0312 3272  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
11:31:16.0452 3272  BITS - ok
11:31:16.0484 3272  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
11:31:16.0530 3272  blbdrive - ok
11:31:16.0593 3272  [ 70CD6D71FC48BBBD1385D7B35AEADECC ] BMLoad          C:\windows\system32\drivers\BMLoad.sys
11:31:16.0842 3272  BMLoad ( UnsignedFile.Multi.Generic ) - warning
11:31:16.0842 3272  BMLoad - detected UnsignedFile.Multi.Generic (1)
11:31:16.0874 3272  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
11:31:16.0952 3272  bowser - ok
11:31:16.0983 3272  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
11:31:17.0045 3272  BrFiltLo - ok
11:31:17.0061 3272  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
11:31:17.0123 3272  BrFiltUp - ok
11:31:17.0170 3272  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
11:31:17.0279 3272  BridgeMP - ok
11:31:17.0326 3272  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\windows\System32\browser.dll
11:31:17.0420 3272  Browser - ok
11:31:17.0435 3272  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
11:31:17.0513 3272  Brserid - ok
11:31:17.0544 3272  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
11:31:17.0638 3272  BrSerWdm - ok
11:31:17.0669 3272  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
11:31:17.0732 3272  BrUsbMdm - ok
11:31:17.0732 3272  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
11:31:17.0810 3272  BrUsbSer - ok
11:31:17.0872 3272  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
11:31:18.0028 3272  BthEnum - ok
11:31:18.0059 3272  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
11:31:18.0122 3272  BTHMODEM - ok
11:31:18.0153 3272  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
11:31:18.0215 3272  BthPan - ok
11:31:18.0278 3272  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
11:31:18.0371 3272  BTHPORT - ok
11:31:18.0418 3272  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
11:31:18.0527 3272  bthserv - ok
11:31:18.0558 3272  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
11:31:18.0621 3272  BTHUSB - ok
11:31:18.0668 3272  [ AD1AA3B85F1B9125E31935DF98266B37 ] btwampfl        C:\windows\system32\drivers\btwampfl.sys
11:31:18.0917 3272  btwampfl - ok
11:31:18.0933 3272  [ D146B5897A47500444BFA1F2CB2E3173 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
11:31:19.0182 3272  btwaudio - ok
11:31:19.0214 3272  [ 1F9CD885F1C548BE93962CCABDB632E4 ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
11:31:19.0448 3272  btwavdt - ok
11:31:19.0510 3272  [ 765C410D031B9D55BFE09FE3F233262A ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:31:19.0588 3272  btwdins - ok
11:31:19.0619 3272  [ DE53089F0678CB5F0AFEB867ACB0FB05 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
11:31:19.0853 3272  btwl2cap - ok
11:31:19.0884 3272  [ A2D6C7B7B62A6C42DCB01204A6BD6FC2 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
11:31:20.0118 3272  btwrchid - ok
11:31:20.0212 3272  catchme - ok
11:31:20.0243 3272  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
11:31:20.0352 3272  cdfs - ok
11:31:20.0384 3272  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
11:31:20.0446 3272  cdrom - ok
11:31:20.0508 3272  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\windows\System32\certprop.dll
11:31:20.0602 3272  CertPropSvc - ok
11:31:20.0633 3272  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
11:31:20.0696 3272  circlass - ok
11:31:20.0727 3272  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
11:31:20.0789 3272  CLFS - ok
11:31:20.0867 3272  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:31:20.0914 3272  clr_optimization_v2.0.50727_32 - ok
11:31:20.0992 3272  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:31:21.0039 3272  clr_optimization_v4.0.30319_32 - ok
11:31:21.0070 3272  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
11:31:21.0117 3272  CmBatt - ok
11:31:21.0132 3272  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
11:31:21.0179 3272  cmdide - ok
11:31:21.0242 3272  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\windows\system32\Drivers\cng.sys
11:31:21.0335 3272  CNG - ok
11:31:21.0382 3272  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
11:31:21.0429 3272  Compbatt - ok
11:31:21.0460 3272  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
11:31:21.0522 3272  CompositeBus - ok
11:31:21.0554 3272  COMSysApp - ok
11:31:21.0585 3272  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
11:31:21.0632 3272  crcdisk - ok
11:31:21.0678 3272  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\windows\system32\cryptsvc.dll
11:31:21.0741 3272  CryptSvc - ok
11:31:21.0772 3272  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\windows\system32\DRIVERS\CVirtA.sys
11:31:21.0834 3272  CVirtA - ok
11:31:21.0944 3272  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
11:31:22.0100 3272  CVPND - ok
11:31:22.0162 3272  [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA        C:\windows\system32\Drivers\CVPNDRVA.sys
11:31:22.0193 3272  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
11:31:22.0193 3272  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
11:31:22.0256 3272  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
11:31:22.0365 3272  DcomLaunch - ok
11:31:22.0412 3272  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
11:31:22.0505 3272  defragsvc - ok
11:31:22.0552 3272  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
11:31:22.0661 3272  DfsC - ok
11:31:22.0708 3272  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
11:31:22.0802 3272  Dhcp - ok
11:31:22.0833 3272  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
11:31:22.0942 3272  discache - ok
11:31:22.0989 3272  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
11:31:23.0036 3272  Disk - ok
11:31:23.0082 3272  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE             C:\windows\system32\DRIVERS\dne2000.sys
11:31:23.0145 3272  DNE - ok
11:31:23.0192 3272  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
11:31:23.0270 3272  Dnscache - ok
11:31:23.0316 3272  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
11:31:23.0426 3272  dot3svc - ok
11:31:23.0472 3272  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
11:31:23.0582 3272  DPS - ok
11:31:23.0613 3272  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
11:31:23.0675 3272  drmkaud - ok
11:31:23.0738 3272  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
11:31:23.0831 3272  DXGKrnl - ok
11:31:23.0878 3272  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
11:31:23.0987 3272  EapHost - ok
11:31:24.0112 3272  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
11:31:24.0299 3272  ebdrv - ok
11:31:24.0330 3272  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\windows\System32\lsass.exe
11:31:24.0408 3272  EFS - ok
11:31:24.0455 3272  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
11:31:24.0533 3272  elxstor - ok
11:31:24.0564 3272  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
11:31:24.0611 3272  ErrDev - ok
11:31:24.0689 3272  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
11:31:24.0814 3272  EventSystem - ok
11:31:24.0830 3272  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
11:31:24.0939 3272  exfat - ok
11:31:24.0954 3272  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
11:31:25.0064 3272  fastfat - ok
11:31:25.0126 3272  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\windows\system32\fxssvc.exe
11:31:25.0251 3272  Fax - ok
11:31:25.0282 3272  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
11:31:25.0344 3272  fdc - ok
11:31:25.0376 3272  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
11:31:25.0485 3272  fdPHost - ok
11:31:25.0516 3272  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
11:31:25.0610 3272  FDResPub - ok
11:31:25.0641 3272  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
11:31:25.0688 3272  FileInfo - ok
11:31:25.0719 3272  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
11:31:25.0812 3272  Filetrace - ok
11:31:25.0844 3272  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
11:31:25.0890 3272  flpydisk - ok
11:31:25.0922 3272  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
11:31:25.0984 3272  FltMgr - ok
11:31:26.0046 3272  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\windows\system32\FntCache.dll
11:31:26.0171 3272  FontCache - ok
11:31:26.0234 3272  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:31:26.0265 3272  FontCache3.0.0.0 - ok
11:31:26.0296 3272  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
11:31:26.0343 3272  FsDepends - ok
11:31:26.0374 3272  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
11:31:26.0405 3272  Fs_Rec - ok
11:31:26.0468 3272  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
11:31:26.0530 3272  fvevol - ok
11:31:26.0577 3272  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
11:31:26.0608 3272  gagp30kx - ok
11:31:26.0670 3272  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\windows\System32\gpsvc.dll
11:31:26.0795 3272  gpsvc - ok
11:31:26.0826 3272  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
11:31:26.0904 3272  hcw85cir - ok
11:31:26.0982 3272  [ A9157AFE4B6F32DCCE9BD18FECD53A0D ] hcw95bda        C:\windows\system32\Drivers\hcw95bda.sys
11:31:27.0076 3272  hcw95bda - ok
11:31:27.0107 3272  [ EB77F3C96C62E65CC25F04220B9A204A ] hcw95rc         C:\windows\system32\DRIVERS\hcw95rc.sys
11:31:27.0154 3272  hcw95rc - ok
11:31:27.0216 3272  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:31:27.0279 3272  HdAudAddService - ok
11:31:27.0326 3272  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
11:31:27.0404 3272  HDAudBus - ok
11:31:27.0435 3272  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
11:31:27.0482 3272  HidBatt - ok
11:31:27.0497 3272  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
11:31:27.0560 3272  HidBth - ok
11:31:27.0575 3272  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
11:31:27.0653 3272  HidIr - ok
11:31:27.0684 3272  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\System32\hidserv.dll
11:31:27.0778 3272  hidserv - ok
11:31:27.0809 3272  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
11:31:27.0872 3272  HidUsb - ok
11:31:27.0918 3272  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
11:31:28.0012 3272  hkmsvc - ok
11:31:28.0059 3272  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:31:28.0137 3272  HomeGroupListener - ok
11:31:28.0184 3272  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:31:28.0277 3272  HomeGroupProvider - ok
11:31:28.0324 3272  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
11:31:28.0371 3272  HpSAMD - ok
11:31:28.0418 3272  [ 9ABBF69E625B62080E080750EC524181 ] HSPADataCardusbmdm C:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys
11:31:28.0496 3272  HSPADataCardusbmdm - ok
11:31:28.0542 3272  [ 9ABBF69E625B62080E080750EC524181 ] HSPADataCardusbnmea C:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys
11:31:28.0574 3272  HSPADataCardusbnmea - ok
11:31:28.0620 3272  [ 9ABBF69E625B62080E080750EC524181 ] HSPADataCardusbser C:\windows\system32\DRIVERS\HSPADataCardusbser.sys
11:31:28.0652 3272  HSPADataCardusbser - ok
11:31:28.0714 3272  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
11:31:28.0823 3272  HTTP - ok
11:31:28.0870 3272  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
11:31:28.0901 3272  hwpolicy - ok
11:31:28.0964 3272  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
11:31:29.0010 3272  i8042prt - ok
11:31:29.0104 3272  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:31:29.0354 3272  IAANTMON - ok
11:31:29.0400 3272  [ D483687EACE0C065EE772481A96E05F5 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
11:31:29.0650 3272  iaStor - ok
11:31:29.0681 3272  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
11:31:29.0744 3272  iaStorV - ok
11:31:29.0837 3272  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:31:29.0931 3272  idsvc - ok
11:31:30.0102 3272  [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
11:31:30.0383 3272  igfx - ok
11:31:30.0430 3272  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
11:31:30.0477 3272  iirsp - ok
11:31:30.0555 3272  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
11:31:30.0680 3272  IKEEXT - ok
11:31:30.0820 3272  [ C5DF8A7FDC75019BF8D8AA4B56BE85C0 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
11:31:31.0241 3272  IntcAzAudAddService - ok
11:31:31.0397 3272  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
11:31:31.0444 3272  intelide - ok
11:31:31.0475 3272  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
11:31:31.0538 3272  intelppm - ok
11:31:31.0569 3272  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
11:31:31.0678 3272  IPBusEnum - ok
11:31:31.0709 3272  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
11:31:31.0818 3272  IpFilterDriver - ok
11:31:31.0881 3272  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
11:31:31.0974 3272  iphlpsvc - ok
11:31:32.0021 3272  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
11:31:32.0084 3272  IPMIDRV - ok
11:31:32.0115 3272  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
11:31:32.0224 3272  IPNAT - ok
11:31:32.0255 3272  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
11:31:32.0349 3272  IRENUM - ok
11:31:32.0396 3272  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
11:31:32.0442 3272  isapnp - ok
11:31:32.0474 3272  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
11:31:32.0520 3272  iScsiPrt - ok
11:31:32.0552 3272  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
11:31:32.0598 3272  kbdclass - ok
11:31:32.0630 3272  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
11:31:32.0676 3272  kbdhid - ok
11:31:32.0739 3272  [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr         C:\windows\system32\DRIVERS\kbfiltr.sys
11:31:32.0973 3272  kbfiltr - ok
11:31:33.0004 3272  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
11:31:33.0051 3272  KeyIso - ok
11:31:33.0098 3272  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
11:31:33.0129 3272  KSecDD - ok
11:31:33.0176 3272  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
11:31:33.0223 3272  KSecPkg - ok
11:31:33.0269 3272  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
11:31:33.0379 3272  KtmRm - ok
11:31:33.0441 3272  [ 6EF8146358452995A4A9335E44ABB015 ] L1C             C:\windows\system32\DRIVERS\L1C62x86.sys
11:31:33.0675 3272  L1C - ok
11:31:33.0722 3272  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\System32\srvsvc.dll
11:31:33.0847 3272  LanmanServer - ok
11:31:33.0878 3272  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:31:33.0987 3272  LanmanWorkstation - ok
11:31:34.0034 3272  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
11:31:34.0127 3272  lltdio - ok
11:31:34.0174 3272  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
11:31:34.0283 3272  lltdsvc - ok
11:31:34.0315 3272  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
11:31:34.0408 3272  lmhosts - ok
11:31:34.0471 3272  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
11:31:34.0517 3272  LSI_FC - ok
11:31:34.0533 3272  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
11:31:34.0595 3272  LSI_SAS - ok
11:31:34.0611 3272  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
11:31:34.0658 3272  LSI_SAS2 - ok
11:31:34.0673 3272  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
11:31:34.0720 3272  LSI_SCSI - ok
11:31:34.0751 3272  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
11:31:34.0845 3272  luafv - ok
11:31:34.0923 3272  [ D5673785903639D186DC345FF86F423F ] massfilter      C:\windows\system32\drivers\massfilter.sys
11:31:34.0985 3272  massfilter - ok
11:31:35.0017 3272  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
11:31:35.0063 3272  megasas - ok
11:31:35.0110 3272  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
11:31:35.0157 3272  MegaSR - ok
11:31:35.0188 3272  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
11:31:35.0297 3272  MMCSS - ok
11:31:35.0329 3272  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
11:31:35.0422 3272  Modem - ok
11:31:35.0453 3272  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
11:31:35.0516 3272  monitor - ok
11:31:35.0547 3272  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
11:31:35.0594 3272  mouclass - ok
11:31:35.0609 3272  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
11:31:35.0672 3272  mouhid - ok
11:31:35.0719 3272  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
11:31:35.0750 3272  mountmgr - ok
11:31:35.0828 3272  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:31:35.0875 3272  MozillaMaintenance - ok
11:31:35.0921 3272  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
11:31:35.0968 3272  mpio - ok
11:31:36.0015 3272  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
11:31:36.0109 3272  mpsdrv - ok
11:31:36.0155 3272  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
11:31:36.0280 3272  MpsSvc - ok
11:31:36.0327 3272  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
11:31:36.0389 3272  MRxDAV - ok
11:31:36.0436 3272  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
11:31:36.0514 3272  mrxsmb - ok
11:31:36.0561 3272  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
11:31:36.0686 3272  mrxsmb10 - ok
11:31:36.0717 3272  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
11:31:36.0764 3272  mrxsmb20 - ok
11:31:36.0795 3272  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
11:31:36.0826 3272  msahci - ok
11:31:36.0857 3272  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
11:31:36.0904 3272  msdsm - ok
11:31:36.0935 3272  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
11:31:36.0998 3272  MSDTC - ok
11:31:37.0045 3272  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
11:31:37.0154 3272  Msfs - ok
11:31:37.0185 3272  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
11:31:37.0279 3272  mshidkmdf - ok
11:31:37.0310 3272  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
11:31:37.0357 3272  msisadrv - ok
11:31:37.0403 3272  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
11:31:37.0513 3272  MSiSCSI - ok
11:31:37.0528 3272  msiserver - ok
11:31:37.0559 3272  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
11:31:37.0653 3272  MSKSSRV - ok
11:31:37.0684 3272  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
11:31:37.0778 3272  MSPCLOCK - ok
11:31:37.0809 3272  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
11:31:37.0903 3272  MSPQM - ok
11:31:37.0934 3272  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
11:31:37.0996 3272  MsRPC - ok
11:31:38.0043 3272  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
11:31:38.0074 3272  mssmbios - ok
11:31:38.0090 3272  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
11:31:38.0183 3272  MSTEE - ok
11:31:38.0199 3272  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
11:31:38.0261 3272  MTConfig - ok
11:31:38.0293 3272  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
11:31:38.0339 3272  Mup - ok
11:31:38.0386 3272  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
11:31:38.0511 3272  napagent - ok
11:31:38.0558 3272  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
11:31:38.0620 3272  NativeWifiP - ok
11:31:38.0667 3272  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
11:31:38.0761 3272  NDIS - ok
11:31:38.0792 3272  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
11:31:38.0885 3272  NdisCap - ok
11:31:38.0917 3272  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
11:31:39.0010 3272  NdisTapi - ok
11:31:39.0073 3272  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
11:31:39.0151 3272  Ndisuio - ok
11:31:39.0182 3272  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
11:31:39.0275 3272  NdisWan - ok
11:31:39.0322 3272  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
11:31:39.0431 3272  NDProxy - ok
11:31:39.0494 3272  [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
11:31:39.0509 3272  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:31:39.0509 3272  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:31:39.0541 3272  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
11:31:39.0650 3272  NetBIOS - ok
11:31:39.0697 3272  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
11:31:39.0790 3272  NetBT - ok
11:31:39.0821 3272  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
11:31:39.0868 3272  Netlogon - ok
11:31:39.0915 3272  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
11:31:40.0055 3272  Netman - ok
11:31:40.0087 3272  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
11:31:40.0227 3272  netprofm - ok
11:31:40.0258 3272  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:31:40.0289 3272  NetTcpPortSharing - ok
11:31:40.0352 3272  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
11:31:40.0383 3272  nfrd960 - ok
11:31:40.0430 3272  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\windows\System32\nlasvc.dll
11:31:40.0492 3272  NlaSvc - ok
11:31:40.0523 3272  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
11:31:40.0617 3272  Npfs - ok
11:31:40.0648 3272  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
11:31:40.0742 3272  nsi - ok
11:31:40.0757 3272  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
11:31:40.0851 3272  nsiproxy - ok
11:31:40.0913 3272  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
11:31:41.0038 3272  Ntfs - ok
11:31:41.0069 3272  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
11:31:41.0179 3272  Null - ok
11:31:41.0225 3272  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
11:31:41.0272 3272  nvraid - ok
11:31:41.0319 3272  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
11:31:41.0366 3272  nvstor - ok
11:31:41.0397 3272  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
11:31:41.0444 3272  nv_agp - ok
11:31:41.0475 3272  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
11:31:41.0522 3272  ohci1394 - ok
11:31:41.0569 3272  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
11:31:41.0647 3272  p2pimsvc - ok
11:31:41.0678 3272  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
11:31:41.0756 3272  p2psvc - ok
11:31:41.0787 3272  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
11:31:41.0834 3272  Parport - ok
11:31:41.0865 3272  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
11:31:41.0912 3272  partmgr - ok
11:31:41.0927 3272  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
11:31:41.0990 3272  Parvdm - ok
11:31:42.0037 3272  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
11:31:42.0099 3272  PcaSvc - ok
11:31:42.0130 3272  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
11:31:42.0177 3272  pci - ok
11:31:42.0208 3272  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
11:31:42.0239 3272  pciide - ok
11:31:42.0286 3272  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
11:31:42.0333 3272  pcmcia - ok
11:31:42.0349 3272  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
11:31:42.0395 3272  pcw - ok
11:31:42.0427 3272  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
11:31:42.0583 3272  PEAUTH - ok
11:31:42.0707 3272  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
11:31:42.0879 3272  pla - ok
11:31:42.0926 3272  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
11:31:43.0019 3272  PlugPlay - ok
11:31:43.0066 3272  [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
11:31:43.0097 3272  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:31:43.0097 3272  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:31:43.0144 3272  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
11:31:43.0207 3272  PNRPAutoReg - ok
11:31:43.0238 3272  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
11:31:43.0300 3272  PNRPsvc - ok
11:31:43.0347 3272  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
11:31:43.0441 3272  PolicyAgent - ok
11:31:43.0503 3272  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
11:31:43.0612 3272  Power - ok
11:31:43.0643 3272  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
11:31:43.0737 3272  PptpMiniport - ok
11:31:43.0768 3272  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
11:31:43.0831 3272  Processor - ok
11:31:43.0877 3272  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
11:31:43.0955 3272  ProfSvc - ok
11:31:43.0987 3272  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
11:31:44.0033 3272  ProtectedStorage - ok
11:31:44.0065 3272  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
11:31:44.0189 3272  Psched - ok
11:31:44.0252 3272  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
11:31:44.0377 3272  ql2300 - ok
11:31:44.0408 3272  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
11:31:44.0455 3272  ql40xx - ok
11:31:44.0501 3272  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
11:31:44.0579 3272  QWAVE - ok
11:31:44.0626 3272  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
11:31:44.0673 3272  QWAVEdrv - ok
11:31:44.0735 3272  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\windows\WindowsMobile\rapimgr.dll
11:31:44.0782 3272  RapiMgr - ok
11:31:44.0798 3272  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
11:31:44.0891 3272  RasAcd - ok
11:31:44.0923 3272  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
11:31:45.0001 3272  RasAgileVpn - ok
11:31:45.0032 3272  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
11:31:45.0141 3272  RasAuto - ok
11:31:45.0157 3272  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
11:31:45.0266 3272  Rasl2tp - ok
11:31:45.0344 3272  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
11:31:45.0453 3272  RasMan - ok
11:31:45.0484 3272  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
11:31:45.0593 3272  RasPppoe - ok
11:31:45.0640 3272  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
11:31:45.0749 3272  RasSstp - ok
11:31:45.0796 3272  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
11:31:45.0890 3272  rdbss - ok
11:31:45.0921 3272  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
11:31:45.0983 3272  rdpbus - ok
11:31:46.0030 3272  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
11:31:46.0108 3272  RDPCDD - ok
11:31:46.0155 3272  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
11:31:46.0233 3272  RDPENCDD - ok
11:31:46.0264 3272  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
11:31:46.0358 3272  RDPREFMP - ok
11:31:46.0405 3272  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
11:31:46.0498 3272  RDPWD - ok
11:31:46.0561 3272  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
11:31:46.0607 3272  rdyboost - ok
11:31:46.0639 3272  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
11:31:46.0732 3272  RemoteAccess - ok
11:31:46.0779 3272  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
11:31:46.0873 3272  RemoteRegistry - ok
11:31:46.0904 3272  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
11:31:46.0951 3272  RFCOMM - ok
11:31:46.0982 3272  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
11:31:47.0091 3272  RpcEptMapper - ok
11:31:47.0122 3272  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
11:31:47.0185 3272  RpcLocator - ok
11:31:47.0231 3272  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
11:31:47.0325 3272  RpcSs - ok
11:31:47.0372 3272  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
11:31:47.0465 3272  rspndr - ok
11:31:47.0497 3272  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
11:31:47.0543 3272  SamSs - ok
11:31:47.0575 3272  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
11:31:47.0621 3272  sbp2port - ok
11:31:47.0668 3272  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
11:31:47.0777 3272  SCardSvr - ok
11:31:47.0809 3272  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
11:31:47.0902 3272  scfilter - ok
11:31:47.0965 3272  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
11:31:48.0105 3272  Schedule - ok
11:31:48.0136 3272  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
11:31:48.0214 3272  SCPolicySvc - ok
11:31:48.0308 3272  [ B60E9769655DDEE8368E3ABB6668E076 ] ScrybeUpdater   C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
11:31:48.0433 3272  ScrybeUpdater - ok
11:31:48.0479 3272  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
11:31:48.0573 3272  SDRSVC - ok
11:31:48.0620 3272  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
11:31:48.0729 3272  secdrv - ok
11:31:48.0760 3272  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
11:31:48.0869 3272  seclogon - ok
11:31:48.0901 3272  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\system32\sens.dll
11:31:48.0994 3272  SENS - ok
11:31:49.0057 3272  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
11:31:49.0088 3272  Serenum - ok
11:31:49.0135 3272  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
11:31:49.0181 3272  Serial - ok
11:31:49.0228 3272  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
11:31:49.0275 3272  sermouse - ok
11:31:49.0353 3272  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
11:31:49.0478 3272  SessionEnv - ok
11:31:49.0509 3272  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
11:31:49.0587 3272  sffdisk - ok
11:31:49.0603 3272  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
11:31:49.0649 3272  sffp_mmc - ok
11:31:49.0665 3272  [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
11:31:49.0727 3272  sffp_sd - ok
11:31:49.0743 3272  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
11:31:49.0805 3272  sfloppy - ok
11:31:49.0852 3272  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
11:31:49.0977 3272  SharedAccess - ok
11:31:50.0039 3272  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:31:50.0133 3272  ShellHWDetection - ok
11:31:50.0195 3272  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
11:31:50.0242 3272  sisagp - ok
11:31:50.0289 3272  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
11:31:50.0320 3272  SiSRaid2 - ok
11:31:50.0351 3272  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
11:31:50.0398 3272  SiSRaid4 - ok
11:31:50.0445 3272  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
11:31:50.0554 3272  Smb - ok
11:31:50.0601 3272  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
11:31:50.0663 3272  SNMPTRAP - ok
11:31:50.0695 3272  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
11:31:50.0741 3272  spldr - ok
11:31:50.0804 3272  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
11:31:50.0897 3272  Spooler - ok
11:31:51.0022 3272  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
11:31:51.0256 3272  sppsvc - ok
11:31:51.0303 3272  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
11:31:51.0397 3272  sppuinotify - ok
11:31:51.0428 3272  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
11:31:51.0506 3272  srv - ok
11:31:51.0537 3272  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
11:31:51.0615 3272  srv2 - ok
11:31:51.0646 3272  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
11:31:51.0709 3272  srvnet - ok
11:31:51.0740 3272  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
11:31:51.0849 3272  SSDPSRV - ok
11:31:51.0896 3272  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
11:31:51.0927 3272  ssmdrv - ok
11:31:51.0958 3272  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
11:31:52.0052 3272  SstpSvc - ok
11:31:52.0083 3272  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
11:31:52.0130 3272  stexstor - ok
11:31:52.0177 3272  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
11:31:52.0286 3272  StiSvc - ok
11:31:52.0333 3272  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
11:31:52.0379 3272  swenum - ok
11:31:52.0426 3272  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
11:31:52.0551 3272  swprv - ok
11:31:52.0645 3272  [ 2185CC5BE9922562108CF87F42E4BBAF ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
11:31:52.0957 3272  SynTP - ok
11:31:53.0035 3272  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
11:31:53.0159 3272  SysMain - ok
11:31:53.0206 3272  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
11:31:53.0269 3272  TabletInputService - ok
11:31:53.0315 3272  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
11:31:53.0440 3272  TapiSrv - ok
11:31:53.0487 3272  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
11:31:53.0581 3272  TBS - ok
11:31:53.0659 3272  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
11:31:53.0783 3272  Tcpip - ok
11:31:53.0846 3272  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
11:31:53.0955 3272  TCPIP6 - ok
11:31:54.0002 3272  [ 74905EBCBB8CBDB1F3C0B1778BBCB4BC ] tcpipBM         C:\windows\system32\drivers\tcpipBM.sys
11:31:54.0251 3272  tcpipBM ( UnsignedFile.Multi.Generic ) - warning
11:31:54.0251 3272  tcpipBM - detected UnsignedFile.Multi.Generic (1)
11:31:54.0298 3272  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
11:31:54.0345 3272  tcpipreg - ok
11:31:54.0407 3272  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
11:31:54.0470 3272  TDPIPE - ok
11:31:54.0501 3272  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
11:31:54.0563 3272  TDTCP - ok
11:31:54.0595 3272  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
11:31:54.0688 3272  tdx - ok
11:31:54.0719 3272  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
11:31:54.0766 3272  TermDD - ok
11:31:54.0829 3272  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
11:31:54.0953 3272  TermService - ok
11:31:55.0000 3272  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
11:31:55.0078 3272  Themes - ok
11:31:55.0094 3272  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
11:31:55.0187 3272  THREADORDER - ok
11:31:55.0219 3272  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
11:31:55.0328 3272  TrkWks - ok
11:31:55.0406 3272  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:31:55.0515 3272  TrustedInstaller - ok
11:31:55.0546 3272  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
11:31:55.0624 3272  tssecsrv - ok
11:31:55.0671 3272  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
11:31:55.0733 3272  TsUsbFlt - ok
11:31:55.0796 3272  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
11:31:55.0905 3272  tunnel - ok
11:31:55.0936 3272  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
11:31:55.0983 3272  uagp35 - ok
11:31:56.0030 3272  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
11:31:56.0139 3272  udfs - ok
11:31:56.0186 3272  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
11:31:56.0264 3272  UI0Detect - ok
11:31:56.0311 3272  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
11:31:56.0357 3272  uliagpkx - ok
11:31:56.0389 3272  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\DRIVERS\umbus.sys
11:31:56.0451 3272  umbus - ok
11:31:56.0498 3272  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
11:31:56.0560 3272  UmPass - ok
11:31:56.0591 3272  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
11:31:56.0732 3272  upnphost - ok
11:31:56.0763 3272  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
11:31:56.0825 3272  usbccgp - ok
11:32:04.0501 3272  ================ Scan global ===============================
11:32:04.0547 3272  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
11:32:04.0594 3272  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
11:32:04.0625 3272  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
11:32:04.0672 3272  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
11:32:04.0703 3272  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
11:32:04.0719 3272  [Global] - ok
11:32:04.0719 3272  ================ Scan MBR ==================================
11:32:04.0735 3272  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:32:05.0140 3272  \Device\Harddisk0\DR0 - ok
11:32:05.0140 3272  ================ Scan VBR ==================================
11:32:05.0156 3272  [ 88C27101F087FAC1B0898091DEC94390 ] \Device\Harddisk0\DR0\Partition1
11:32:05.0156 3272  \Device\Harddisk0\DR0\Partition1 - ok
11:32:05.0187 3272  [ E561D3855E7409F40C075F86402524CE ] \Device\Harddisk0\DR0\Partition2
11:32:05.0203 3272  \Device\Harddisk0\DR0\Partition2 - ok
11:32:05.0203 3272  ============================================================
11:32:05.0203 3272  Scan finished
11:32:05.0203 3272  ============================================================
11:32:05.0234 1484  Detected object count: 6
11:32:05.0234 1484  Actual detected object count: 6
11:33:20.0036 1484  AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
11:33:20.0036 1484  AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:33:20.0051 1484  BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
11:33:20.0051 1484  BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:33:20.0051 1484  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
11:33:20.0051 1484  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:33:20.0051 1484  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:33:20.0051 1484  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:33:20.0051 1484  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:33:20.0051 1484  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:33:20.0067 1484  tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
11:33:20.0067 1484  tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

22.01.2013, 10:49   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


22.01.2013, 10:51   #13
Dakur
 



Now these results

adwcleaner
Code:
# AdwCleaner v2.107 - Datei am 22/01/2013 um 11:54:40 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Danny - DANNY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Danny\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\searchplugins\Conduit.xml
Ordner Gefunden : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gefunden : HKU\S-1-5-21-844154740-1618517215-3757599251-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\prefs.js

Gefunden : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2319825.CTID", "CT2319825");
Gefunden : user_pref("CT2319825.CurrentServerDate", "18-8-2010");
Gefunden : user_pref("CT2319825.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2319825.EMailNotifierPollDate", "Wed Aug 18 2010 17:22:58 GMT+0200");
Gefunden : user_pref("CT2319825.FeedLastCount129056115025381886", 10);
Gefunden : user_pref("CT2319825.FeedPollDate11908299", "Wed Aug 18 2010 17:11:21 GMT+0200");
Gefunden : user_pref("CT2319825.FeedPollDate129056115025381886", "Wed Aug 18 2010 17:11:18 GMT+0200");
Gefunden : user_pref("CT2319825.FirstServerDate", "18-8-2010");
Gefunden : user_pref("CT2319825.FirstTime", true);
Gefunden : user_pref("CT2319825.FirstTimeFF3", true);
Gefunden : user_pref("CT2319825.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2319825.Initialize", true);
Gefunden : user_pref("CT2319825.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2319825.InstalledDate", "Wed Aug 18 2010 17:11:16 GMT+0200");
Gefunden : user_pref("CT2319825.InvalidateCache", false);
Gefunden : user_pref("CT2319825.IsGrouping", false);
Gefunden : user_pref("CT2319825.IsMulticommunity", false);
Gefunden : user_pref("CT2319825.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2319825.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2319825.LanguagePackLastCheckTime", "Wed Aug 18 2010 17:11:19 GMT+0200");
Gefunden : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2319825.LastLogin_2.5.8.6", "Wed Aug 18 2010 17:11:17 GMT+0200");
Gefunden : user_pref("CT2319825.LatestVersion", "2.7.2.0");
Gefunden : user_pref("CT2319825.Locale", "de");
Gefunden : user_pref("CT2319825.LoginCache", 4);
Gefunden : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2319825.RadioIsPodcast", false);
Gefunden : user_pref("CT2319825.RadioLastCheckTime", "Wed Aug 18 2010 17:11:20 GMT+0200");
Gefunden : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Gefunden : user_pref("CT2319825.RadioMediaID", "11949532");
Gefunden : user_pref("CT2319825.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Gefunden : user_pref("CT2319825.RadioStationName", "1Live");
Gefunden : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Gefunden : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2319825.SavedHomepage", "resource:/browserconfig.properties");
Gefunden : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gefunden : user_pref("CT2319825.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Wed Aug 18 2010 17:11:19 GMT+0200");
Gefunden : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2319825.SettingsLastCheckTime", "Wed Aug 18 2010 17:11:15 GMT+0200");
Gefunden : user_pref("CT2319825.SettingsLastUpdate", "1282056409");
Gefunden : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Wed Aug 18 2010 17:11:15 GMT+0200");
Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Gefunden : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2319825.Uninstall", true);
Gefunden : user_pref("CT2319825.UserID", "UN13354327081739115");
Gefunden : user_pref("CT2319825.WeatherNetwork", "");
Gefunden : user_pref("CT2319825.WeatherPollDate", "Wed Aug 18 2010 17:11:22 GMT+0200");
Gefunden : user_pref("CT2319825.WeatherUnit", "C");
Gefunden : user_pref("CT2319825.alertChannelId", "715912");
Gefunden : user_pref("CT2319825.clientLogIsEnabled", true);
Gefunden : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2319825.myStuffEnabled", true);
Gefunden : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 18 2010 17:11:21 GMT+0200");
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
Gefunden : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...]
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Danny\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8262 octets] - [22/01/2013 11:54:40]

########## EOF - C:\AdwCleaner[R1].txt - [8322 octets] ##########
         

22.01.2013, 11:25   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

22.01.2013, 12:19   #15
Dakur
 



New results

adwCleaner
Code:
# AdwCleaner v2.107 - Datei am 22/01/2013 um 12:29:42 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Danny - DANNY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Danny\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\prefs.js

Gelöscht : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2319825.CTID", "CT2319825");
Gelöscht : user_pref("CT2319825.CurrentServerDate", "18-8-2010");
Gelöscht : user_pref("CT2319825.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2319825.EMailNotifierPollDate", "Wed Aug 18 2010 17:22:58 GMT+0200");
Gelöscht : user_pref("CT2319825.FeedLastCount129056115025381886", 10);
Gelöscht : user_pref("CT2319825.FeedPollDate11908299", "Wed Aug 18 2010 17:11:21 GMT+0200");
Gelöscht : user_pref("CT2319825.FeedPollDate129056115025381886", "Wed Aug 18 2010 17:11:18 GMT+0200");
Gelöscht : user_pref("CT2319825.FirstServerDate", "18-8-2010");
Gelöscht : user_pref("CT2319825.FirstTime", true);
Gelöscht : user_pref("CT2319825.FirstTimeFF3", true);
Gelöscht : user_pref("CT2319825.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2319825.Initialize", true);
Gelöscht : user_pref("CT2319825.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2319825.InstalledDate", "Wed Aug 18 2010 17:11:16 GMT+0200");
Gelöscht : user_pref("CT2319825.InvalidateCache", false);
Gelöscht : user_pref("CT2319825.IsGrouping", false);
Gelöscht : user_pref("CT2319825.IsMulticommunity", false);
Gelöscht : user_pref("CT2319825.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2319825.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2319825.LanguagePackLastCheckTime", "Wed Aug 18 2010 17:11:19 GMT+0200");
Gelöscht : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2319825.LastLogin_2.5.8.6", "Wed Aug 18 2010 17:11:17 GMT+0200");
Gelöscht : user_pref("CT2319825.LatestVersion", "2.7.2.0");
Gelöscht : user_pref("CT2319825.Locale", "de");
Gelöscht : user_pref("CT2319825.LoginCache", 4);
Gelöscht : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2319825.RadioIsPodcast", false);
Gelöscht : user_pref("CT2319825.RadioLastCheckTime", "Wed Aug 18 2010 17:11:20 GMT+0200");
Gelöscht : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Gelöscht : user_pref("CT2319825.RadioMediaID", "11949532");
Gelöscht : user_pref("CT2319825.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Gelöscht : user_pref("CT2319825.RadioStationName", "1Live");
Gelöscht : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Gelöscht : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2319825.SavedHomepage", "resource:/browserconfig.properties");
Gelöscht : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gelöscht : user_pref("CT2319825.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Wed Aug 18 2010 17:11:19 GMT+0200");
Gelöscht : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2319825.SettingsLastCheckTime", "Wed Aug 18 2010 17:11:15 GMT+0200");
Gelöscht : user_pref("CT2319825.SettingsLastUpdate", "1282056409");
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Wed Aug 18 2010 17:11:15 GMT+0200");
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Gelöscht : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2319825.Uninstall", true);
Gelöscht : user_pref("CT2319825.UserID", "UN13354327081739115");
Gelöscht : user_pref("CT2319825.WeatherNetwork", "");
Gelöscht : user_pref("CT2319825.WeatherPollDate", "Wed Aug 18 2010 17:11:22 GMT+0200");
Gelöscht : user_pref("CT2319825.WeatherUnit", "C");
Gelöscht : user_pref("CT2319825.alertChannelId", "715912");
Gelöscht : user_pref("CT2319825.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2319825.myStuffEnabled", true);
Gelöscht : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 18 2010 17:11:21 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=");

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Danny\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8391 octets] - [22/01/2013 11:54:40]
AdwCleaner[S1].txt - [8199 octets] - [22/01/2013 12:29:42]

########## EOF - C:\AdwCleaner[S1].txt - [8259 octets] ##########
         
OTL.txt
Code:
OTL logfile created on: 1/22/2013 12:36:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Danny\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.12 Mb Total Physical Memory | 207.13 Mb Available Physical Memory | 20.42% Memory free
1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 60.91 Gb Free Space | 60.91% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 52.17 Gb Free Space | 44.27% Space Free | Partition Type: NTFS
 
Computer Name: DANNY-PC | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Danny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\CapsHook\CapsHook.exe (ASUS)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa0c82eddc6cc12961a92835f777dcc0\System.Web.Services.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\EcaremeDLL.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ScrybeUpdater) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Danny\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HSPADataCardusbser) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated)
DRV - (HSPADataCardusbnmea) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated)
DRV - (HSPADataCardusbmdm) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/06/09 17:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010/04/01 13:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 21:42:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 21:41:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 21:42:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 21:41:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/08/17 00:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions
[2010/08/17 00:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/11/25 20:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions
[2012/07/19 16:41:16 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf}
[2011/03/12 22:38:07 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions\personas@christopher.beard
[2012/11/25 20:00:10 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\xnh2q9it.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/20 11:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/04/01 13:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNET-MANAGER\BIN\ADDON
[2013/01/18 21:42:01 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/12 11:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/10/24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/10/24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/10/24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013/01/21 13:34:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKU\S-1-5-21-844154740-1618517215-3757599251-1000..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{983A5790-0C7D-48E8-BE1E-1DD96D3025A2}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/22 11:06:42 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Danny\Desktop\tdsskiller.exe
[2013/01/22 11:04:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Danny\Desktop\aswMBR.exe
[2013/01/21 14:17:09 | 000,000,000 | ---D | C] -- C:\Users\Danny\Desktop\mbar-1.01.0.1016
[2013/01/21 13:38:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/21 13:38:27 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\temp
[2013/01/21 13:17:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/01/21 13:17:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/01/21 13:17:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/01/21 13:08:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/21 13:07:56 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/01/21 13:06:37 | 005,024,380 | R--- | C] (Swearware) -- C:\Users\Danny\Desktop\ComboFix.exe
[2013/01/20 11:34:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/01/18 21:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/15 23:37:11 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\Tracker Software
[2013/01/15 23:31:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/01/15 23:31:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/01/15 23:31:25 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/01/15 23:30:43 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/01/15 02:55:14 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\Malwarebytes
[2013/01/15 02:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/15 02:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/15 02:54:53 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/01/15 02:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/15 02:54:20 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\Programs
[2013/01/15 01:29:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2013/01/14 20:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/10 08:49:55 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/01/10 08:49:14 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2013/01/10 08:49:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2013/01/10 08:49:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/10 08:49:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/10 08:49:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/10 08:49:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/10 08:49:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/10 08:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/10 08:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/10 08:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/10 08:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/10 08:49:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/10 08:49:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/10 08:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/10 08:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/10 08:48:03 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2013/01/10 08:48:03 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\System32\fpb.rs
[2013/01/10 08:48:03 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\System32\oflc-nz.rs
[2013/01/10 08:48:03 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\System32\pegibbfc.rs
[2013/01/10 08:48:03 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\System32\csrr.rs
[2013/01/10 08:48:03 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\System32\cob-au.rs
[2013/01/10 08:48:03 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\System32\usk.rs
[2013/01/10 08:48:03 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\System32\grb.rs
[2013/01/10 08:48:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-pt.rs
[2013/01/10 08:48:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi.rs
[2013/01/10 08:48:03 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\System32\djctq.rs
[2013/01/10 08:48:02 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wpc.dll
[2013/01/10 08:48:00 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\System32\cero.rs
[2013/01/10 08:48:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\System32\esrb.rs
[2013/01/10 08:48:00 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\System32\oflc.rs
[2013/01/10 08:48:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-fi.rs
[2013/01/10 08:47:33 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2013/01/10 08:47:31 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
[2013/01/08 20:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/22 12:39:51 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 12:39:51 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 12:31:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/22 12:31:46 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/22 12:10:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 11:54:06 | 000,574,315 | ---- | M] () -- C:\Users\Danny\Desktop\adwcleaner.exe
[2013/01/22 11:27:43 | 000,000,512 | ---- | M] () -- C:\Users\Danny\Desktop\MBR.dat
[2013/01/22 11:06:43 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Danny\Desktop\tdsskiller.exe
[2013/01/22 11:05:22 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Danny\Desktop\aswMBR.exe
[2013/01/21 14:14:42 | 013,462,931 | ---- | M] () -- C:\Users\Danny\Desktop\mbar-1.01.0.1016.zip
[2013/01/21 13:34:15 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/01/21 13:06:41 | 005,024,380 | R--- | M] (Swearware) -- C:\Users\Danny\Desktop\ComboFix.exe
[2013/01/20 12:01:00 | 000,000,000 | ---- | M] () -- C:\UnInstall.dat
[2013/01/20 11:37:51 | 000,000,020 | ---- | M] () -- C:\windows\øt
[2013/01/20 11:35:01 | 000,659,056 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/01/20 11:35:01 | 000,620,202 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/01/20 11:35:01 | 000,132,594 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/01/20 11:35:01 | 000,108,384 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/01/15 01:33:24 | 000,000,000 | ---- | M] () -- C:\Users\Danny\defogger_reenable
[2013/01/15 01:30:36 | 000,365,568 | ---- | M] () -- C:\Users\Danny\Desktop\gmer-2.0.18444.exe
[2013/01/15 01:29:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2013/01/15 01:28:36 | 000,050,477 | ---- | M] () -- C:\Users\Danny\Desktop\Defogger.exe
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:19 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013/01/10 10:15:43 | 000,288,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/01/09 22:23:30 | 000,118,879 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 22 - 22102010 Bachelorprüfungsordnung Phil Fak 4 Satzung zur Änderung.pdf
[2013/01/09 22:22:31 | 001,647,871 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 46 - 30092009 Bachelorstudiengänge 3 Satzung zur Änderung der Neufassung der.pdf
[2013/01/09 22:21:54 | 000,053,596 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 25 - 15052009 Bachelorprüfungsordnung Phil Fak 2 Satzung zur Änderung der N.pdf
[2013/01/09 22:16:10 | 002,050,882 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 35 - 08102007 Bachelorprüfungsordnung Phil Fak Neufassung.pdf
[2013/01/09 22:10:33 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/01/09 22:10:33 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/01/04 10:40:51 | 000,040,752 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 06 - 14032006 Satzung der Ethikkommission Med Fak.pdf
[2013/01/04 10:40:26 | 000,720,571 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 25 - 05102006 Bachelorstudiengänge der Phil Fak Prüfungsordnung.pdf
[2012/12/30 19:38:48 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012/12/30 15:51:14 | 000,069,206 | ---- | M] () -- C:\Users\Danny\Desktop\Merkblatt_Einzureichende_Belege_ab_VZ2011_Ansichts-PDF.pdf
 
========== Files Created - No Company Name ==========
 
[2013/01/22 11:54:03 | 000,574,315 | ---- | C] () -- C:\Users\Danny\Desktop\adwcleaner.exe
[2013/01/22 11:27:43 | 000,000,512 | ---- | C] () -- C:\Users\Danny\Desktop\MBR.dat
[2013/01/21 14:14:39 | 013,462,931 | ---- | C] () -- C:\Users\Danny\Desktop\mbar-1.01.0.1016.zip
[2013/01/21 13:17:39 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/01/21 13:17:39 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/01/21 13:17:39 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/01/21 13:17:39 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/01/21 13:17:39 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/01/20 11:37:51 | 000,000,020 | ---- | C] () -- C:\windows\øt
[2013/01/20 11:15:20 | 000,000,000 | ---- | C] () -- C:\UnInstall.dat
[2013/01/15 01:33:24 | 000,000,000 | ---- | C] () -- C:\Users\Danny\defogger_reenable
[2013/01/15 01:30:36 | 000,365,568 | ---- | C] () -- C:\Users\Danny\Desktop\gmer-2.0.18444.exe
[2013/01/15 01:28:34 | 000,050,477 | ---- | C] () -- C:\Users\Danny\Desktop\Defogger.exe
[2013/01/09 22:23:30 | 000,118,879 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 22 - 22102010 Bachelorprüfungsordnung Phil Fak 4 Satzung zur Änderung.pdf
[2013/01/09 22:22:29 | 001,647,871 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 46 - 30092009 Bachelorstudiengänge 3 Satzung zur Änderung der Neufassung der.pdf
[2013/01/09 22:21:54 | 000,053,596 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 25 - 15052009 Bachelorprüfungsordnung Phil Fak 2 Satzung zur Änderung der N.pdf
[2013/01/09 22:16:07 | 002,050,882 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 35 - 08102007 Bachelorprüfungsordnung Phil Fak Neufassung.pdf
[2013/01/04 10:40:50 | 000,040,752 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 06 - 14032006 Satzung der Ethikkommission Med Fak.pdf
[2013/01/04 10:40:26 | 000,720,571 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 25 - 05102006 Bachelorstudiengänge der Phil Fak Prüfungsordnung.pdf
[2012/12/30 19:38:48 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012/12/30 15:50:58 | 000,069,206 | ---- | C] () -- C:\Users\Danny\Desktop\Merkblatt_Einzureichende_Belege_ab_VZ2011_Ansichts-PDF.pdf
[2012/10/19 00:37:36 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll
[2012/10/19 00:37:36 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe
[2011/07/04 15:32:45 | 000,007,621 | ---- | C] () -- C:\Users\Danny\AppData\Local\Resmon.ResmonCfg
[2011/04/21 08:46:39 | 000,393,256 | ---- | C] () -- C:\windows\System32\CNQ4809N.DAT
[2011/03/23 15:13:41 | 000,009,704 | ---- | C] () -- C:\windows\HCWPNP.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
         
EXTRAS.txt
Code:
OTL Extras logfile created on: 1/22/2013 12:36:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Danny\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.12 Mb Total Physical Memory | 207.13 Mb Available Physical Memory | 20.42% Memory free
1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 60.91 Gb Free Space | 60.91% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 52.17 Gb Free Space | 44.27% Space Free | Partition Type: NTFS
 
Computer Name: DANNY-PC | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D9827D-E68C-4A4D-B547-27C5276AAF5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1F02B523-A70A-4521-8F7A-E01404740443}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2EF29DF8-05B4-4F18-8F18-D4DA7CE99308}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{3F15569D-A990-4D60-8326-AB55DF0F6269}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{606A869D-535C-4168-8D3C-24BB9C53E868}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6E6299B2-885E-4471-9DA3-7E29B97DF87E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7AC75C99-C85A-4477-83F8-D997E30B0B1A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7CC8D969-6294-4FD2-BA04-C9CA60D3FD24}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7EB19E55-7D19-4D2F-91E4-616F3B75C560}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8C85562E-1268-438A-987D-4653E7DE1998}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9189FDB7-0F60-4908-B508-6130B7218258}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{98A04DAA-33EA-4072-83AE-0A28D2597E45}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9A4E19BF-A3F7-4545-8DE2-3F8370CB8ADB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A0D91D61-B780-4B5E-B7A6-F4A7F3F94AC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A201FC9F-0B87-4AAE-88C6-80B7722C7E49}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{A90BCA1A-751B-4A2E-B2AB-4EE026B8DA17}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AE6079B6-C825-4B5C-99FC-A64C2E4C90CB}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{B083AE7B-D4C5-4E88-A094-9980757C5F96}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BA1E8C6A-C8EC-41EB-8EBF-3EA5B5BB1B12}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BF1DD50F-9977-4324-B735-5C7C671C1483}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CA7192D2-FC1C-4C78-8B67-EB3A8012B8F5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E156E7AD-C325-4FE8-8535-35F5D5DC0231}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E87D5E42-F192-4B89-8043-4EDFDE0B5163}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F4C27420-1C5E-4414-80EF-4ED97A3F1A6A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F5A4E98C-03D8-41DF-8300-C9DF24636CE7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{FD20F2E3-A591-4139-9004-566DA8B82ED6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0517116C-D0E8-446C-9C72-98123591A900}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{241089C1-E410-4CF4-B48B-83884243BCFD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3EBA39D7-7BB4-4ADD-A61B-DA6307CD1063}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{52A610A9-10A2-42EB-8B0A-169818C1C967}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{78922A2F-9BE4-4294-AF0E-67F3281DF894}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A143D63E-5D1C-42A0-9E82-3893F22F195F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A247D571-E068-4F61-95D0-EBA8528955DB}" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A852C37D-A086-4679-98BC-B03E751601AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AEB71E96-77D9-4C0F-AD7D-5FBAA896E132}" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AEC030CA-707B-4096-93CF-15CB1864B35E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EEDD54AB-9237-4512-A167-B8393C321B12}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F309993C-29DE-49E3-BA03-16288AD5C542}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{3BFCAEA8-2FF6-4F74-B368-54600AA6D82B}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe | 
"TCP Query User{A02200B6-46B5-4E85-B1B5-6F54F4F319EE}C:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C384783C-A4D5-44CC-9C50-7C6316CD530A}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe | 
"UDP Query User{9B2D190F-942D-42EB-994E-E396F5A6868D}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe | 
"UDP Query User{A10B38BD-61BD-4F2B-8376-3E786C845DF3}C:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FA5C925D-06D0-4047-AB1C-3550B015D68C}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC7CCB3C-8E86-4165-9363-30B7CCCD9742}" = Angry Birds Rio
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3309-7404-0599-8908" = yEd Graph Editor 3.10
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"BatteryBar" = BatteryBar (remove only)
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"Eee Docking_is1" = Eee Docking 3.7.0
"ElsterFormular" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.96
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Intel AppUp(SM) center 28264" = Intel AppUp(SM) center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"OOBERegBackup_is1" = OOBERegBackup
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ScreenSaverPatch_is1" = ScreenSaverPatch
"Sudoku Generator" = Sudoku Generator 2.63
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/27/2012 10:49:43 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 2/6/2012 3:50:47 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 2/17/2012 4:36:46 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 2/17/2012 6:46:27 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 2/17/2012 8:10:29 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 2/18/2012 2:14:44 PM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 3/10/2012 6:24:34 PM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 3/15/2012 4:26:36 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 3/19/2012 2:21:33 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 4/3/2012 8:18:40 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = 
 
[ System Events ]
Error - 1/20/2013 3:42:35 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 1/20/2013 8:19:53 PM | Computer Name = Danny-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "D:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht vergrößert werden kann.
 
Error - 1/21/2013 6:22:15 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 1/21/2013 8:20:02 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Asus Launcher Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 1/21/2013 8:20:12 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 1/21/2013 8:27:02 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 1/21/2013 8:34:25 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 1/21/2013 8:43:43 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 1/22/2013 4:55:10 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 1/22/2013 7:32:34 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
