
Log analysis and evaluation: Hi everyone! For a few days now I've had the isearch.babylon.com/?affID=113131& problem...

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

27.02.2013, 16:30   #1
Fingertab
 



As described in the tag, for a few days now I have had the isearch.babylon.com/?affID=113131& problem when opening a new tab in Mozilla Firefox version 19.0.

The problem occurs ONLY when opening a new tab... not when starting the browser or when I press the "Home" button. In those cases it always goes to the configured start page as normal.


I would be very grateful if you, or at least one of you, could help me with this problem.


Kind regards, Fingertab

27.02.2013, 16:32   #2
markusg
/// Malware-holic
 



Hi,

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Please close all programs now. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

27.02.2013, 16:48   #3
Fingertab
 



OTL Logfile:
Code:
OTL logfile created on: 27.02.2013 17:36:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\BlackLight\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 67,31% Memory free
7,80 Gb Paging File | 6,39 Gb Available in Paging File | 81,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,67 Gb Total Space | 357,11 Gb Free Space | 80,13% Space Free | Partition Type: NTFS
Drive D: | 19,80 Gb Total Space | 2,12 Gb Free Space | 10,71% Space Free | Partition Type: NTFS
 
Computer Name: BLACKLIGHT-HP | User Name: BlackLight | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.27 17:33:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BlackLight\Desktop\OTL.exe
PRC - [2013.02.04 17:10:10 | 000,013,824 | ---- | M] (Smartbar) -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\QuickShare.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.06.28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012.03.05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012.02.19 22:14:14 | 001,134,584 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2012.02.08 03:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.08 03:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.08 03:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.07 09:52:55 | 000,060,688 | ---- | M] (ZTE) -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
PRC - [2011.11.07 09:52:29 | 000,220,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
PRC - [2011.11.07 09:52:00 | 000,036,624 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
PRC - [2011.08.19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.11.21 04:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 16:02:24 | 001,842,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7e95b379b65f904b14e472440b1092e4\System.Web.Services.ni.dll
MOD - [2013.02.13 16:02:10 | 012,542,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\45babd35f29911df78d6b41801de0075\System.Windows.Forms.ni.dll
MOD - [2013.02.13 16:01:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.02.04 17:10:10 | 000,023,040 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013.02.04 17:10:08 | 000,036,864 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013.02.04 17:10:06 | 001,575,424 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013.02.04 17:10:06 | 000,007,680 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013.02.04 17:07:02 | 000,650,240 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013.02.04 17:06:58 | 000,040,960 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013.02.04 17:06:56 | 000,051,200 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013.02.04 17:06:56 | 000,044,032 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013.02.04 17:06:54 | 000,073,728 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013.02.04 17:06:52 | 000,062,976 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013.02.04 17:06:52 | 000,018,944 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013.02.04 17:06:52 | 000,013,312 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013.02.04 17:06:52 | 000,006,144 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013.02.04 17:06:50 | 000,012,800 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013.02.04 17:06:50 | 000,007,168 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013.02.04 17:06:48 | 000,012,288 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013.02.04 17:06:48 | 000,009,728 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013.02.04 17:06:48 | 000,007,168 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013.02.04 17:06:46 | 000,074,752 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013.01.13 11:27:04 | 000,911,432 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013.01.13 11:27:02 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013.01.13 11:27:01 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013.01.11 22:23:08 | 001,661,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1a05479a95f137497a8484c8f5079d02\System.Drawing.ni.dll
MOD - [2013.01.11 22:23:01 | 005,767,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e93ffb76caad1b906a00fd8eacbd169e\System.Xml.ni.dll
MOD - [2013.01.11 22:22:58 | 001,016,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f4f86fc366beeb9f2eca14f47c30d952\System.Configuration.ni.dll
MOD - [2013.01.11 22:22:56 | 008,411,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\020b37a8be18dc91962b358781fb5a42\System.ni.dll
MOD - [2013.01.11 22:22:25 | 000,647,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\6417abc9f092386199cffb3dbb70cded\System.EnterpriseServices.ni.dll
MOD - [2013.01.11 22:22:24 | 000,677,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\3ee04d46ea27259e500ca0d428ea3ed1\System.Transactions.ni.dll
MOD - [2013.01.11 22:22:23 | 006,816,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\afc43ef40c007311c5adeb95526b383d\System.Data.ni.dll
MOD - [2013.01.10 18:39:44 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\0ed1e8a88eae135e0e88471eaa2910d5\CustomMarshalers.ni.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.03.15 23:00:34 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2011.11.07 09:52:29 | 000,220,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
MOD - [2011.11.07 09:52:00 | 000,036,624 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
MOD - [2011.11.07 09:43:33 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libctlsvr.dll
MOD - [2011.11.07 09:39:08 | 000,099,328 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\itapi.dll
MOD - [2011.11.07 09:39:01 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\audio.dll
MOD - [2011.11.07 09:38:53 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libConfig.dll
MOD - [2011.11.07 09:38:51 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\coder.dll
MOD - [2011.11.07 09:38:49 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\log.dll
MOD - [2011.05.06 04:03:32 | 000,594,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-1.dll
MOD - [2011.05.06 04:02:40 | 000,341,504 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\sqlite3.dll
MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.21 04:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.10.14 10:37:52 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libxml2.dll
MOD - [2010.10.14 10:37:52 | 000,080,688 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\zlib1.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2007.09.09 16:07:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libexpat.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.27 14:19:51 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.20 18:47:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 14:41:40 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012.02.19 22:14:14 | 001,134,584 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2012.02.08 03:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.08 03:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.08 03:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.02.16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.11.15 02:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.03.15 23:22:38 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.03.15 23:22:38 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.24 04:33:18 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.02.24 04:33:16 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012.02.03 21:57:58 | 001,838,656 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012.01.17 01:21:46 | 000,675,432 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.12.06 12:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.18 02:46:36 | 003,432,000 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt2860.sys -- (RT80x86)
DRV:64bit: - [2011.10.27 19:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011.08.19 11:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV:64bit: - [2011.08.19 11:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV:64bit: - [2011.08.19 11:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV:64bit: - [2011.08.19 11:25:25 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.12.15 03:46:38 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2009.12.15 03:46:30 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-4/4?satitle={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-4/4?satitle={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKCU\..\SearchScopes\{A6EC9AEE-4391-4CE5-8419-167F36684096}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^HQ&apn_dtid=^YYYYYY^YY^DE&apn_uid=e4d2f666-4fc8-4b8a-a059-5efcf78f9be6&apn_sauid=F048D723-CEEF-4F8B-A389-3DFA97503EC8
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-4/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=d4951ad8-5c15-460c-9973-0e740681d1a2&searchtype=ds&installDate=01/01/1970&q="
FF - prefs.js..network.proxy.backup.ftp: "192.168.14.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8001
FF - prefs.js..network.proxy.backup.socks: "192.168.14.1"
FF - prefs.js..network.proxy.backup.socks_port: 8001
FF - prefs.js..network.proxy.backup.ssl: "192.168.14.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8001
FF - prefs.js..network.proxy.ftp: "192.168.14.1"
FF - prefs.js..network.proxy.ftp_port: 8001
FF - prefs.js..network.proxy.http: "192.168.14.1"
FF - prefs.js..network.proxy.http_port: 8001
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.14.1"
FF - prefs.js..network.proxy.socks_port: 8001
FF - prefs.js..network.proxy.ssl: "192.168.14.1"
FF - prefs.js..network.proxy.ssl_port: 8001
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2010.04.01 13:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 18:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.20 18:47:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 18:47:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.20 18:47:15 | 000,000,000 | ---D | M]
 
[2012.12.06 11:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BlackLight\AppData\Roaming\mozilla\Extensions
[2013.02.24 09:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BlackLight\AppData\Roaming\mozilla\Firefox\Profiles\y57gwj4e.default\extensions
[2013.02.19 21:13:07 | 000,530,982 | ---- | M] () (No name found) -- C:\Users\BlackLight\AppData\Roaming\mozilla\firefox\profiles\y57gwj4e.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 20:02:44 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\BlackLight\AppData\Roaming\mozilla\firefox\profiles\y57gwj4e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.04 16:22:10 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\BlackLight\AppData\Roaming\mozilla\firefox\profiles\y57gwj4e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.03 14:11:07 | 000,002,335 | ---- | M] () -- C:\Users\BlackLight\AppData\Roaming\mozilla\firefox\profiles\y57gwj4e.default\searchplugins\askcom.xml
[2013.02.23 23:56:43 | 000,022,903 | ---- | M] () -- C:\Users\BlackLight\AppData\Roaming\mozilla\firefox\profiles\y57gwj4e.default\searchplugins\Web Search.xml
[2013.02.20 18:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.02.20 18:47:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\BlackLight\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar)
O4 - Startup: C:\Users\BlackLight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83F9184D-AB15-40D0-9479-91F98673FB39}: DhcpNameServer = 192.168.14.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B8A64B-8D85-4436-8726-66137241408F}: DhcpNameServer = 192.168.3.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{981e5aad-43af-11e2-b71c-a0b3ccca627e}\Shell - "" = AutoRun
O33 - MountPoints2\{981e5aad-43af-11e2-b71c-a0b3ccca627e}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{981e5aad-43af-11e2-b71c-a0b3ccca627e}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O33 - MountPoints2\{c3147e5d-41fc-11e2-bee7-a0b3ccca627e}\Shell - "" = AutoRun
O33 - MountPoints2\{c3147e5d-41fc-11e2-bee7-a0b3ccca627e}\Shell\AutoRun\command - "" = F:\SH4Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.27 17:33:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\BlackLight\Desktop\OTL.exe
[2013.02.26 10:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.02.24 16:04:52 | 000,000,000 | ---D | C] -- C:\Users\BlackLight\Documents\Meine empfangenen Dateien
[2013.02.20 18:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.14 18:22:30 | 000,000,000 | ---D | C] -- C:\Users\BlackLight\Desktop\neuer wifi
[2013.02.13 20:08:14 | 000,000,000 | ---D | C] -- C:\Users\BlackLight\AppData\Roaming\Windows Live Writer
[2013.02.13 20:08:14 | 000,000,000 | ---D | C] -- C:\Users\BlackLight\AppData\Local\Windows Live Writer
[2013.02.10 21:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.10 21:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.02 16:16:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.02.02 15:37:13 | 000,000,000 | ---D | C] -- C:\Users\BlackLight\AppData\Roaming\TS3Client
[2013.02.02 15:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.02.02 15:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.27 17:33:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BlackLight\Desktop\OTL.exe
[2013.02.27 17:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.27 16:53:31 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.27 16:53:31 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.27 16:53:31 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.27 16:53:31 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.27 16:53:31 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.27 16:52:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.27 06:46:01 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 06:46:01 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 06:38:29 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.23 11:28:46 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlackLight.job
[2013.02.14 17:49:32 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.13 15:58:15 | 000,295,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.10 21:56:34 | 000,059,318 | ---- | M] () -- C:\Users\BlackLight\Documents\Picture 4.jpg
[2013.02.10 21:56:18 | 000,052,991 | ---- | M] () -- C:\Users\BlackLight\Documents\Picture 3.jpg
[2013.02.10 21:36:34 | 000,049,927 | ---- | M] () -- C:\Users\BlackLight\Documents\Picture 2.jpg
[2013.02.10 21:36:29 | 000,051,276 | ---- | M] () -- C:\Users\BlackLight\Documents\Picture 1.jpg
[2013.02.10 21:07:36 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.02 15:36:34 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.15 09:15:18 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2013.02.15 09:15:18 | 000,014,119 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2013.02.10 21:56:31 | 000,059,318 | ---- | C] () -- C:\Users\BlackLight\Documents\Picture 4.jpg
[2013.02.10 21:56:15 | 000,052,991 | ---- | C] () -- C:\Users\BlackLight\Documents\Picture 3.jpg
[2013.02.10 21:36:32 | 000,049,927 | ---- | C] () -- C:\Users\BlackLight\Documents\Picture 2.jpg
[2013.02.10 21:36:26 | 000,051,276 | ---- | C] () -- C:\Users\BlackLight\Documents\Picture 1.jpg
[2013.02.09 09:08:24 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.08 15:27:33 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBlackLight.job
[2013.02.02 15:36:33 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.01.27 13:46:22 | 000,000,560 | ---- | C] () -- C:\Windows\_delis32.ini
[2013.01.08 12:11:20 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2012.12.30 16:25:12 | 000,193,664 | ---- | C] () -- C:\Windows\SysWow64\bmsdk.exe
[2012.12.30 16:25:12 | 000,002,960 | ---- | C] () -- C:\Windows\SysWow64\boc.ini
[2012.12.30 16:25:12 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\bocinstall.ini
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.11 13:20:34 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2012.12.11 13:05:56 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2012.12.09 23:10:51 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2012.12.06 12:27:15 | 000,007,625 | ---- | C] () -- C:\Users\BlackLight\AppData\Local\Resmon.ResmonCfg
[2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.02.14 19:47:04 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.02.14 19:47:04 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.14 19:47:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.09 23:52:59 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\driveridentifier
[2013.01.03 14:18:30 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\ImgBurn
[2012.12.30 19:25:43 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\Internet-Manager
[2013.01.13 11:26:23 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\OpenCandy
[2012.12.08 16:14:04 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\OpenOffice.org
[2012.12.06 10:30:42 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\Synaptics
[2013.02.26 22:42:42 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\TS3Client
[2012.12.09 17:53:15 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\ts3overlay
[2013.02.02 16:11:29 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\ts3overlay_hook_win64
[2013.02.13 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.12.15 19:10:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.03.16 00:16:37 | 000,000,000 | -HSD | M] -- C:\boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.12.06 10:26:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.12.11 08:05:25 | 000,000,000 | ---D | M] -- C:\Games
[2012.12.10 23:00:37 | 000,000,000 | -H-D | M] -- C:\HP
[2012.12.06 13:16:39 | 000,000,000 | ---D | M] -- C:\HP_TOOLS_mountHPSF
[2012.06.04 10:53:39 | 000,000,000 | ---D | M] -- C:\Intel
[2012.12.15 19:09:57 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.02 15:36:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.20 18:47:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013.02.26 10:20:21 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.12.06 10:26:23 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.06 10:27:06 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.26 10:01:02 | 000,000,000 | ---D | M] -- C:\SWSetup
[2013.02.27 17:38:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.06 10:27:12 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2013.02.02 16:16:56 | 000,000,000 | ---D | M] -- C:\temp
[2012.12.06 10:26:32 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.26 22:10:30 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.02.08 15:27:33 | 000,000,352 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForBlackLight.job
[2013.02.09 09:08:24 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2012.03.15 23:09:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012.03.15 23:09:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012.03.15 23:09:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012.03.15 23:09:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012.03.15 23:09:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012.03.15 23:09:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2012.03.15 23:22:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2012.03.15 23:22:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2012.03.15 23:22:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2012.03.15 23:22:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2012.03.15 23:22:38 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2012.03.15 23:22:38 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2012.03.15 23:22:38 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2012.03.15 23:22:38 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.02.27 17:37:41 | 001,310,720 | -HS- | M] () -- C:\Users\BlackLight\NTUSER.DAT
[2013.02.27 17:37:41 | 000,262,144 | -HS- | M] () -- C:\Users\BlackLight\ntuser.dat.LOG1
[2012.12.06 10:26:32 | 000,000,000 | -HS- | M] () -- C:\Users\BlackLight\ntuser.dat.LOG2
[2012.12.06 10:44:36 | 000,065,536 | -HS- | M] () -- C:\Users\BlackLight\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.12.06 10:44:36 | 000,524,288 | -HS- | M] () -- C:\Users\BlackLight\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.12.06 10:44:36 | 000,524,288 | -HS- | M] () -- C:\Users\BlackLight\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.12.06 10:26:32 | 000,000,020 | -HS- | M] () -- C:\Users\BlackLight\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.02.2013 17:36:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\BlackLight\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 67,31% Memory free
7,80 Gb Paging File | 6,39 Gb Available in Paging File | 81,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,67 Gb Total Space | 357,11 Gb Free Space | 80,13% Space Free | Partition Type: NTFS
Drive D: | 19,80 Gb Total Space | 2,12 Gb Free Space | 10,71% Space Free | Partition Type: NTFS
 
Computer Name: BLACKLIGHT-HP | User Name: BlackLight | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E83DAA-6AAF-4DA9-94E5-517BE5A21F54}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{063B6F39-4301-4B85-B4FA-E95575EA2FF6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0D6935CE-D55F-4F0E-855F-BBF9B2114364}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2104E7BA-598F-40A8-B5A6-3E8FC5F8AFF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4C2DED82-E1C1-4ECE-9CA0-E7A77423C10C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5521EC16-718E-4CDB-ABC1-2A356A665C5D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{59901C18-8EEC-4807-B57E-A4A5E5D6F25A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7498DB97-6633-4BCB-8971-825DE048665A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7DD6A192-0C20-4ECB-9C15-82FF431CB445}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{842FEBAD-4432-4B55-AAAA-7184050A4761}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ABF31B26-5142-4467-A293-6C382A0A7CD5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B2E20141-27D6-472B-91FB-DFE54EBA0252}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E1FCD357-4B60-41EC-A425-51225FD1166A}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062D3B37-D170-4644-ACB9-DD5E11E6BA69}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0E2BA753-6C39-4460-9E9A-72246BD0EC40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2012B00A-8B4A-42F7-98AB-8FF3F3C91190}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{25950EFD-6B13-4F6C-BF36-0862AB7AFE72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2CFA7904-0D6E-4B24-8817-9C13DDA3AC73}" = protocol=6 | dir=out | app=system | 
"{5D180E1F-10BE-4484-87BE-D8B7328D0439}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FF8BABF-F8F2-4312-AE5A-4360FFE0D252}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{688DE2AB-0686-44F4-AFAF-E8A7790172F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6A18D028-2BB5-488A-8CB6-EF5B67146EB8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8ACBC8F0-124A-42A9-A605-CADD2359FDB4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{90FF92CC-462B-4E3F-9CE5-17F82835329F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAB4D6CE-4253-4C5C-B1CB-5F6F6930DEA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF813B5B-C91C-45AE-B49C-C9264F71FBEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C889730E-740F-44C8-A9DB-6BF25BC547E7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D2970B0B-69F8-4382-983B-92A97536841A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D954CA6D-EAB1-461E-8E02-6EBE0E5A7EF6}" = dir=in | app=c:\users\blacklight\appdata\local\microsoft\skydrive\skydrive.exe | 
"{D958C890-E029-4C11-9D04-1EC35BB106D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E91E4BEC-5867-4023-9887-5699D0FFB53E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F71A21EE-558E-4B67-A516-C392B79897AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{5DBE42A9-7F43-4972-9863-295BD3F586BD}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"TCP Query User{938BF375-D1FF-40E3-839B-D62335DC5AFD}C:\games\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world of tanks\wotlauncher.exe | 
"UDP Query User{80D4B328-444D-41D6-BC6C-AC76046F5E7E}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"UDP Query User{D4C73C0D-AD1A-4EEF-84EA-467EC62D671F}C:\games\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world of tanks\wotlauncher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D3AA8FD3-5FFA-4CFC-BA8E-99BFC6A41943}" = HP Security Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{373C3DAE-62C8-4F63-887C-769A8986ED50}" = GameShadow
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{438363A8-F486-4C37-834C-4955773CB3D3}" = HP Setup
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}" = ESU for Microsoft Windows 7 SP1
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A142E531-C598-4C74-895B-7EEACF0D571E}" = QuickShare
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB183033-C2DD-4A37-B43C-943DD4B28C77}" = HP Documentation
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F28DAAFA-EEBB-48DB-9C8D-6521DD42786B}_is1" = World of Tanks version 8.1
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Black Mirror 2_is1" = Black Mirror 2
"GT Interactive - Driver" = GT Interactive - Driver
"ImgBurn" = ImgBurn
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Complete" = PDF Complete Corporate Edition
"VirtualCloneDrive" = VirtualCloneDrive
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.02.2013 02:08:14 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2013 06:55:19 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.02.2013 04:05:54 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.02.2013 05:15:31 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.02.2013 02:54:44 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 04:19:50 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 10:51:45 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.02.2013 01:29:33 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.02.2013 13:49:52 | Computer Name = BlackLight-HP | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.2.4780 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 614    Startzeit: 
01ce06118412c4a6    Endzeit: 60    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
   
 
Error - 08.02.2013 18:55:24 | Computer Name = BlackLight-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 18.0.2.4780,
 Zeitstempel: 0x510c057b  Name des fehlerhaften Moduls: xul.dll, Version: 18.0.2.4780,
 Zeitstempel: 0x510c04a9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0012bdc8  ID des fehlerhaften
 Prozesses: 0x12e4  Startzeit der fehlerhaften Anwendung: 0x01ce0624de797d46  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 9ec4c4a2-7242-11e2-9ca3-a0b3ccca627e
 
Error - 09.02.2013 04:05:07 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.02.2013 07:59:54 | Computer Name = BlackLight-HP | Source = Application Hang | ID = 1002
Description = Programm ts3client_win64.exe, Version 3.0.9.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e3c    Startzeit: 01ce06bca61e872e    Endzeit: 23    Anwendungspfad: 
C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe    Berichts-ID: 32ab0555-72b0-11e2-9a49-a0b3ccca627e

 
[ Hewlett-Packard Events ]
Error - 07.12.2012 11:21:32 | Computer Name = BlackLight-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 07.12.2012 11:26:13 | Computer Name = BlackLight-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 26.01.2013 11:38:05 | Computer Name = BlackLight-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei
 HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE  RAM: 3996
Ram
 Utilization: 40  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
[ HP Connection Manager Events ]
Error - 21.12.2012 07:31:07 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5
Description = 2012/12/21 12:31:07.578|00000E98|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 21.12.2012 07:31:09 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5
Description = 2012/12/21 12:31:09.575|00000E98|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 21.12.2012 07:31:11 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5
Description = 2012/12/21 12:31:11.572|00000E98|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 21.12.2012 07:31:15 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5
Description = 2012/12/21 12:31:15.581|00000E98|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 21.12.2012 07:31:17 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5
Description = 2012/12/21 12:31:17.578|00000E98|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 23.12.2012 06:34:25 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5
Description = 2012/12/23 11:34:25.732|00000B28|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 23.12.2012 06:34:27 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5
Description = 2012/12/23 11:34:27.731|00000B28|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 23.12.2012 06:34:29 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5
Description = 2012/12/23 11:34:29.728|00000B28|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 23.12.2012 16:36:45 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5
Description = 2012/12/23 21:36:45.904|0000139C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 24.12.2012 09:06:25 | Computer Name = BlackLight-HP | Source = hpMobile | ID = 5
Description = 2012.12.24 14:06:25.252|000012E4|Error      |[HP.Mobile]Wlan::UpdateProperties{void()}|Die
 Daten sind unzulässig. (Ausnahme von HRESULT: 0x8007000D)
 
[ HP Software Framework Events ]
Error - 15.03.2012 10:06:33 | Computer Name = AULFISL4LFL4V | Source = CaslSmBios | ID = 5
Description = 2012.03.15 15:06:33.028|0000060C|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
[ Media Center Events ]
Error - 15.02.2013 03:15:51 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0
Description = 08:15:50 - Fehler beim Herstellen der Internetverbindung.  08:15:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.02.2013 03:16:02 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0
Description = 08:15:56 - Fehler beim Herstellen der Internetverbindung.  08:15:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.02.2013 04:16:35 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0
Description = 09:16:35 - Fehler beim Herstellen der Internetverbindung.  09:16:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.02.2013 04:16:48 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0
Description = 09:16:40 - Fehler beim Herstellen der Internetverbindung.  09:16:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.02.2013 03:22:25 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0
Description = 08:22:25 - Fehler beim Herstellen der Internetverbindung.  08:22:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.02.2013 03:23:24 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0
Description = 08:22:30 - Fehler beim Herstellen der Internetverbindung.  08:22:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 22.01.2013 07:52:52 | Computer Name = BlackLight-HP | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{AA2FA9AC-5CA4-4786-ACA1-177EA4F80946} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 22.01.2013 08:00:52 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.143.180.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9103.0     Fehlercode:
 0x80072efd     Fehlerbeschreibung: Die Serververbindung konnte nicht hergestellt werden.
 
 
Error - 27.01.2013 08:42:10 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.143.942.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9103.0     Fehlercode:
 0x80072efd     Fehlerbeschreibung: Die Serververbindung konnte nicht hergestellt werden.
 
 
Error - 31.01.2013 03:54:46 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.143.1136.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9103.0     Fehlercode: 0x80072ee2     Fehlerbeschreibung: Das
 Zeitlimit für den Vorgang wurde erreicht. 
 
Error - 07.02.2013 10:11:08 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.143.1665.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9103.0     Fehlercode: 0x80072efd     Fehlerbeschreibung: Die
 Serververbindung konnte nicht hergestellt werden. 
 
Error - 08.02.2013 02:03:23 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.143.1665.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9103.0     Fehlercode: 0x80072efd     Fehlerbeschreibung: Die
 Serververbindung konnte nicht hergestellt werden. 
 
Error - 14.02.2013 14:58:47 | Computer Name = BlackLight-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst HPWMISVC erreicht.
 
Error - 15.02.2013 03:22:37 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.143.2233.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9103.0     Fehlercode: 0x80072efd     Fehlerbeschreibung: Die
 Serververbindung konnte nicht hergestellt werden. 
 
Error - 15.02.2013 04:23:31 | Computer Name = BlackLight-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst HPWMISVC erreicht.
 
Error - 16.02.2013 05:21:59 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.143.2340.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Home Page | Devices and Services     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9103.0     Fehlercode: 0x80072efd     Fehlerbeschreibung: Die
 Serververbindung konnte nicht hergestellt werden. 
 
 
< End of report >
         
--- --- ---

A side question:

How does one end up with this junk?
__________________

Alt 27.02.2013, 16:59   #4
markusg
/// Malware-holic
 



Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 27.02.2013, 17:10   #5
Fingertab
 



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: BlackLight
->Temp folder emptied: 765481 bytes
->Temporary Internet Files folder emptied: 316693 bytes
->FireFox cache emptied: 6679533 bytes
->Flash cache emptied: 722 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64569 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02272013_180709

Files\Folders moved on Reboot...
C:\Users\BlackLight\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Alt 27.02.2013, 17:19   #6
markusg
/// Malware-holic
 



Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Alt 27.02.2013, 17:26   #7
Fingertab
 



18:22:39.0966 1124 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:22:40.0185 1124 ============================================================
18:22:40.0185 1124 Current date / time: 2013/02/27 18:22:40.0185
18:22:40.0185 1124 SystemInfo:
18:22:40.0185 1124
18:22:40.0185 1124 OS Version: 6.1.7601 ServicePack: 1.0
18:22:40.0185 1124 Product type: Workstation
18:22:40.0185 1124 ComputerName: BLACKLIGHT-HP
18:22:40.0185 1124 UserName: BlackLight
18:22:40.0185 1124 Windows directory: C:\Windows
18:22:40.0185 1124 System windows directory: C:\Windows
18:22:40.0185 1124 Running under WOW64
18:22:40.0185 1124 Processor architecture: Intel x64
18:22:40.0185 1124 Number of processors: 2
18:22:40.0185 1124 Page size: 0x1000
18:22:40.0185 1124 Boot type: Normal boot
18:22:40.0185 1124 ============================================================
18:22:40.0918 1124 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:22:40.0918 1124 ============================================================
18:22:40.0918 1124 \Device\Harddisk0\DR0:
18:22:40.0918 1124 MBR partitions:
18:22:40.0918 1124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:22:40.0918 1124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37B56800
18:22:40.0918 1124 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37BBA800, BlocksNum 0x2797800
18:22:40.0918 1124 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33800
18:22:40.0918 1124 ============================================================
18:22:40.0933 1124 C: <-> \Device\Harddisk0\DR0\Partition2
18:22:40.0980 1124 D: <-> \Device\Harddisk0\DR0\Partition3
18:22:40.0980 1124 ============================================================
18:22:40.0980 1124 Initialize success
18:22:40.0980 1124 ============================================================
18:24:07.0123 5036 ============================================================
18:24:07.0123 5036 Scan started
18:24:07.0123 5036 Mode: Manual; SigCheck; TDLFS;
18:24:07.0123 5036 ============================================================
18:24:07.0420 5036 ================ Scan system memory ========================
18:24:07.0420 5036 System memory - ok
18:24:07.0420 5036 ================ Scan services =============================
18:24:07.0576 5036 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:24:07.0654 5036 1394ohci - ok
18:24:07.0716 5036 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:24:07.0763 5036 ACPI - ok
18:24:07.0794 5036 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:24:07.0857 5036 AcpiPmi - ok
18:24:07.0966 5036 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:24:07.0997 5036 AdobeFlashPlayerUpdateSvc - ok
18:24:08.0044 5036 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:24:08.0091 5036 adp94xx - ok
18:24:08.0138 5036 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:24:08.0184 5036 adpahci - ok
18:24:08.0216 5036 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:24:08.0216 5036 adpu320 - ok
18:24:08.0247 5036 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:24:08.0294 5036 AeLookupSvc - ok
18:24:08.0372 5036 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:24:08.0403 5036 AERTFilters - ok
18:24:08.0450 5036 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:24:08.0528 5036 AFD - ok
18:24:08.0559 5036 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:24:08.0590 5036 agp440 - ok
18:24:08.0621 5036 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:24:08.0652 5036 ALG - ok
18:24:08.0699 5036 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:24:08.0730 5036 aliide - ok
18:24:08.0746 5036 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:24:08.0762 5036 amdide - ok
18:24:08.0808 5036 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:24:08.0855 5036 AmdK8 - ok
18:24:08.0886 5036 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:24:08.0902 5036 AmdPPM - ok
18:24:08.0933 5036 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:24:08.0949 5036 amdsata - ok
18:24:08.0964 5036 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:24:08.0980 5036 amdsbs - ok
18:24:08.0996 5036 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:24:09.0011 5036 amdxata - ok
18:24:09.0042 5036 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:24:09.0105 5036 AppID - ok
18:24:09.0120 5036 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:24:09.0198 5036 AppIDSvc - ok
18:24:09.0214 5036 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:24:09.0261 5036 Appinfo - ok
18:24:09.0308 5036 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:24:09.0323 5036 arc - ok
18:24:09.0339 5036 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:24:09.0354 5036 arcsas - ok
18:24:09.0386 5036 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:24:09.0464 5036 AsyncMac - ok
18:24:09.0495 5036 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:24:09.0495 5036 atapi - ok
18:24:09.0542 5036 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:24:09.0604 5036 AudioEndpointBuilder - ok
18:24:09.0635 5036 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:24:09.0666 5036 AudioSrv - ok
18:24:09.0713 5036 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:24:09.0791 5036 AxInstSV - ok
18:24:09.0854 5036 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:24:09.0885 5036 b06bdrv - ok
18:24:09.0932 5036 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:24:09.0994 5036 b57nd60a - ok
18:24:10.0056 5036 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
18:24:10.0150 5036 BCM43XX - ok
18:24:10.0197 5036 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:24:10.0228 5036 BDESVC - ok
18:24:10.0259 5036 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:24:10.0353 5036 Beep - ok
18:24:10.0400 5036 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:24:10.0493 5036 BFE - ok
18:24:10.0540 5036 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:24:10.0618 5036 BITS - ok
18:24:10.0665 5036 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:24:10.0696 5036 blbdrive - ok
18:24:10.0727 5036 [ 057F482CFDB57E75202E2E37795F2D3B ] BMLoad C:\Windows\system32\drivers\BMLoad.sys
18:24:10.0774 5036 BMLoad ( UnsignedFile.Multi.Generic ) - warning
18:24:10.0774 5036 BMLoad - detected UnsignedFile.Multi.Generic (1)
18:24:10.0821 5036 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:24:10.0852 5036 bowser - ok
18:24:10.0883 5036 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:24:10.0914 5036 BrFiltLo - ok
18:24:10.0930 5036 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:24:10.0946 5036 BrFiltUp - ok
18:24:10.0977 5036 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:24:10.0992 5036 Browser - ok
18:24:11.0024 5036 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:24:11.0086 5036 Brserid - ok
18:24:11.0117 5036 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:24:11.0148 5036 BrSerWdm - ok
18:24:11.0180 5036 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:24:11.0226 5036 BrUsbMdm - ok
18:24:11.0242 5036 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:24:11.0273 5036 BrUsbSer - ok
18:24:11.0320 5036 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:24:11.0367 5036 BTHMODEM - ok
18:24:11.0414 5036 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:24:11.0460 5036 bthserv - ok
18:24:11.0492 5036 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:24:11.0538 5036 cdfs - ok
18:24:11.0570 5036 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:24:11.0616 5036 cdrom - ok
18:24:11.0648 5036 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:24:11.0726 5036 CertPropSvc - ok
18:24:11.0772 5036 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:24:11.0804 5036 circlass - ok
18:24:11.0850 5036 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:24:11.0882 5036 CLFS - ok
18:24:11.0928 5036 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:24:11.0944 5036 clr_optimization_v2.0.50727_32 - ok
18:24:11.0975 5036 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:24:11.0991 5036 clr_optimization_v2.0.50727_64 - ok
18:24:12.0053 5036 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:24:12.0084 5036 clr_optimization_v4.0.30319_32 - ok
18:24:12.0116 5036 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:24:12.0131 5036 clr_optimization_v4.0.30319_64 - ok
18:24:12.0131 5036 clwvd - ok
18:24:12.0178 5036 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:24:12.0194 5036 CmBatt - ok
18:24:12.0225 5036 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:24:12.0256 5036 cmdide - ok
18:24:12.0287 5036 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
18:24:12.0334 5036 CNG - ok
18:24:12.0381 5036 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:24:12.0396 5036 Compbatt - ok
18:24:12.0412 5036 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:24:12.0443 5036 CompositeBus - ok
18:24:12.0459 5036 COMSysApp - ok
18:24:12.0490 5036 [ 815F3180B5117E42E422188E9CCC89C6 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:24:12.0506 5036 cphs - ok
18:24:12.0537 5036 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:24:12.0537 5036 crcdisk - ok
18:24:12.0584 5036 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:24:12.0615 5036 CryptSvc - ok
18:24:12.0662 5036 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:24:12.0755 5036 DcomLaunch - ok
18:24:12.0786 5036 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:24:12.0833 5036 defragsvc - ok
18:24:12.0880 5036 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:24:12.0942 5036 DfsC - ok
18:24:12.0989 5036 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:24:13.0020 5036 Dhcp - ok
18:24:13.0036 5036 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:24:13.0083 5036 discache - ok
18:24:13.0114 5036 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:24:13.0130 5036 Disk - ok
18:24:13.0145 5036 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:24:13.0176 5036 Dnscache - ok
18:24:13.0208 5036 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:24:13.0254 5036 dot3svc - ok
18:24:13.0286 5036 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:24:13.0332 5036 DPS - ok
18:24:13.0364 5036 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:24:13.0395 5036 drmkaud - ok
18:24:13.0426 5036 [ CE7743807258A7D383C427E3C178A49E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:24:13.0457 5036 DXGKrnl - ok
18:24:13.0473 5036 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:24:13.0520 5036 EapHost - ok
18:24:13.0629 5036 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:24:13.0769 5036 ebdrv - ok
18:24:13.0785 5036 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:24:13.0816 5036 EFS - ok
18:24:13.0910 5036 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:24:13.0956 5036 ehRecvr - ok
18:24:13.0988 5036 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:24:14.0003 5036 ehSched - ok
18:24:14.0081 5036 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
18:24:14.0112 5036 ElbyCDIO - ok
18:24:14.0159 5036 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:24:14.0222 5036 elxstor - ok
18:24:14.0237 5036 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:24:14.0268 5036 ErrDev - ok
18:24:14.0315 5036 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:24:14.0393 5036 EventSystem - ok
18:24:14.0424 5036 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:24:14.0471 5036 exfat - ok
18:24:14.0487 5036 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:24:14.0534 5036 fastfat - ok
18:24:14.0580 5036 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:24:14.0643 5036 Fax - ok
18:24:14.0674 5036 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:24:14.0705 5036 fdc - ok
18:24:14.0721 5036 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:24:14.0768 5036 fdPHost - ok
18:24:14.0768 5036 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:24:14.0799 5036 FDResPub - ok
18:24:14.0830 5036 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:24:14.0846 5036 FileInfo - ok
18:24:14.0846 5036 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:24:14.0892 5036 Filetrace - ok
18:24:14.0924 5036 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:24:14.0939 5036 flpydisk - ok
18:24:14.0955 5036 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:24:14.0970 5036 FltMgr - ok
18:24:15.0017 5036 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:24:15.0080 5036 FontCache - ok
18:24:15.0126 5036 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:24:15.0158 5036 FontCache3.0.0.0 - ok
18:24:15.0173 5036 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:24:15.0189 5036 FsDepends - ok
18:24:15.0236 5036 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
18:24:15.0251 5036 fssfltr - ok
18:24:15.0360 5036 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:24:15.0438 5036 fsssvc - ok
18:24:15.0454 5036 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:24:15.0485 5036 Fs_Rec - ok
18:24:15.0501 5036 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:24:15.0532 5036 fvevol - ok
18:24:15.0548 5036 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:24:15.0563 5036 gagp30kx - ok
18:24:15.0594 5036 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:24:15.0672 5036 gpsvc - ok
18:24:15.0688 5036 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:24:15.0735 5036 hcw85cir - ok
18:24:15.0782 5036 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:24:15.0828 5036 HdAudAddService - ok
18:24:15.0860 5036 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:24:15.0891 5036 HDAudBus - ok
18:24:15.0922 5036 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:24:15.0969 5036 HidBatt - ok
18:24:15.0984 5036 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:24:16.0016 5036 HidBth - ok
18:24:16.0047 5036 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:24:16.0078 5036 HidIr - ok
18:24:16.0094 5036 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:24:16.0125 5036 hidserv - ok
18:24:16.0172 5036 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
18:24:16.0187 5036 HidUsb - ok
18:24:16.0218 5036 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:24:16.0281 5036 hkmsvc - ok
18:24:16.0296 5036 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:24:16.0328 5036 HomeGroupListener - ok
18:24:16.0359 5036 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:24:16.0390 5036 HomeGroupProvider - ok
18:24:16.0484 5036 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:24:16.0499 5036 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
18:24:16.0499 5036 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
18:24:16.0593 5036 [ 7B8C1B09C11E8DB7C4480ABD7D17E821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
18:24:16.0640 5036 HPAuto - ok
18:24:16.0702 5036 [ 514455F6586473791C5C6B25BA4E1BAB ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:24:16.0764 5036 hpqwmiex - ok
18:24:16.0811 5036 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:24:16.0811 5036 HpSAMD - ok
18:24:16.0858 5036 [ 2BEC76BDCD1BC080210325E7B5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
18:24:16.0889 5036 HPWMISVC - ok
18:24:16.0936 5036 [ 20BCB023B85632ECAE16825DA4DABB0F ] HSPADataCardusbmdm C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys
18:24:16.0967 5036 HSPADataCardusbmdm - ok
18:24:33.0066 5036 [ 1A95043750E359F993154EF8559BE518 ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys
18:24:33.0098 5036 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
18:24:33.0098 5036 tcpipBM - detected UnsignedFile.Multi.Generic (1)
18:24:36.0233 5036 Wanarpv6 - ok
18:24:36.0311 5036 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:24:36.0389 5036 WatAdminSvc - ok
18:24:36.0436 5036 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:24:36.0498 5036 wbengine - ok
18:24:36.0530 5036 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:24:36.0545 5036 WbioSrvc - ok
18:24:36.0561 5036 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:24:36.0592 5036 wcncsvc - ok
18:24:36.0608 5036 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:24:36.0623 5036 WcsPlugInService - ok
18:24:36.0654 5036 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:24:36.0654 5036 Wd - ok
18:24:36.0686 5036 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:24:36.0748 5036 Wdf01000 - ok
18:24:36.0779 5036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:24:36.0842 5036 WdiServiceHost - ok
18:24:36.0842 5036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:24:36.0857 5036 WdiSystemHost - ok
18:24:36.0888 5036 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:24:36.0904 5036 WebClient - ok
18:24:36.0935 5036 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:24:36.0982 5036 Wecsvc - ok
18:24:36.0982 5036 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:24:37.0013 5036 wercplsupport - ok
18:24:37.0044 5036 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:24:37.0076 5036 WerSvc - ok
18:24:37.0107 5036 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:24:37.0138 5036 WfpLwf - ok
18:24:37.0154 5036 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:24:37.0169 5036 WIMMount - ok
18:24:37.0200 5036 WinDefend - ok
18:24:37.0200 5036 WinHttpAutoProxySvc - ok
18:24:37.0247 5036 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:24:37.0294 5036 Winmgmt - ok
18:24:37.0356 5036 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:24:37.0481 5036 WinRM - ok
18:24:37.0512 5036 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:24:37.0575 5036 Wlansvc - ok
18:24:37.0715 5036 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:24:37.0824 5036 wlidsvc - ok
18:24:37.0840 5036 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:24:37.0871 5036 WmiAcpi - ok
18:24:37.0902 5036 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:24:37.0934 5036 wmiApSrv - ok
18:24:37.0949 5036 WMPNetworkSvc - ok
18:24:37.0980 5036 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:24:37.0996 5036 WPCSvc - ok
18:24:38.0027 5036 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:24:38.0043 5036 WPDBusEnum - ok
18:24:38.0090 5036 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:24:38.0152 5036 ws2ifsl - ok
18:24:38.0183 5036 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:24:38.0230 5036 wscsvc - ok
18:24:38.0230 5036 WSearch - ok
18:24:38.0308 5036 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:24:38.0402 5036 wuauserv - ok
18:24:38.0417 5036 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:24:38.0433 5036 WudfPf - ok
18:24:38.0464 5036 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:24:38.0495 5036 WUDFRd - ok
18:24:38.0526 5036 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:24:38.0542 5036 wudfsvc - ok
18:24:38.0573 5036 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:24:38.0589 5036 WwanSvc - ok
18:24:38.0604 5036 ================ Scan global ===============================
18:24:38.0636 5036 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:24:38.0651 5036 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:24:38.0651 5036 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:24:38.0682 5036 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:24:38.0714 5036 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:24:38.0714 5036 [Global] - ok
18:24:38.0714 5036 ================ Scan MBR ==================================
18:24:38.0729 5036 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:24:39.0041 5036 \Device\Harddisk0\DR0 - ok
18:24:39.0041 5036 ================ Scan VBR ==================================
18:24:39.0057 5036 [ 710B8B3419FC40AA8857786421376A52 ] \Device\Harddisk0\DR0\Partition1
18:24:39.0057 5036 \Device\Harddisk0\DR0\Partition1 - ok
18:24:39.0088 5036 [ 693BFED2803D3816732892E5B6388960 ] \Device\Harddisk0\DR0\Partition2
18:24:39.0088 5036 \Device\Harddisk0\DR0\Partition2 - ok
18:24:39.0135 5036 [ BBF02F872A48440F57A2960F7CD1EFA9 ] \Device\Harddisk0\DR0\Partition3
18:24:39.0135 5036 \Device\Harddisk0\DR0\Partition3 - ok
18:24:39.0150 5036 [ B27587B12213AC0522138E0D16E91A70 ] \Device\Harddisk0\DR0\Partition4
18:24:39.0150 5036 \Device\Harddisk0\DR0\Partition4 - ok
18:24:39.0150 5036 ============================================================
18:24:39.0150 5036 Scan finished
18:24:39.0150 5036 ============================================================
18:24:39.0166 3168 Detected object count: 3
18:24:39.0166 3168 Actual detected object count: 3
18:25:18.0791 3168 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:18.0807 3168 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:18.0807 3168 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:18.0807 3168 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:18.0807 3168 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:18.0807 3168 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:38.0572 4864 Deinitialize success

Alt 27.02.2013, 17:44   #8
markusg
/// Malware-holic
 

Hi,
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


Alt 27.02.2013, 18:13   #9
Fingertab
 

Combofix Logfile:
Code:
ComboFix 13-02-26.01 - BlackLight 27.02.2013  19:04:33.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3996.2602 [GMT 1:00]
ausgeführt von:: c:\users\BlackLight\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-27 bis 2013-02-27  ))))))))))))))))))))))))))))))
.
.
2013-02-27 18:09 . 2013-02-27 18:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-27 17:07 . 2013-02-27 17:07	--------	d-----w-	C:\_OTL
2013-02-27 14:50 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F24BA75-D5E9-40BA-80AA-0AC2F1769123}\mpengine.dll
2013-02-26 08:55 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-15 09:17 . 2013-02-15 09:17	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-15 09:17 . 2013-02-15 09:17	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-15 09:17 . 2013-02-15 09:17	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-02-13 19:18 . 2013-02-24 08:23	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-13 19:18 . 2013-02-24 08:23	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-02-13 19:18 . 2013-02-13 19:18	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-02-13 19:08 . 2013-02-13 19:08	--------	d-----w-	c:\users\BlackLight\AppData\Local\Windows Live Writer
2013-02-13 19:08 . 2013-02-13 19:08	--------	d-----w-	c:\users\BlackLight\AppData\Roaming\Windows Live Writer
2013-02-13 12:09 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:09 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:08 . 2013-01-09 01:04	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-02-13 12:08 . 2013-01-09 01:04	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-13 12:08 . 2013-01-08 21:56	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-02-13 06:33 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 06:33 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 06:33 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 06:33 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 06:33 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 06:33 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 06:33 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 06:33 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 06:33 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 06:33 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 06:32 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 06:32 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-10 20:07 . 2013-02-10 20:07	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-02-02 14:37 . 2013-02-26 21:42	--------	d-----w-	c:\users\BlackLight\AppData\Roaming\TS3Client
2013-02-02 14:36 . 2013-02-02 14:36	--------	d-----w-	c:\program files\TeamSpeak 3 Client
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 13:19 . 2012-03-15 13:45	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 13:19 . 2012-03-15 13:45	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-13 12:12 . 2012-12-06 17:09	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-30 10:53 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-26 16:02 . 2013-01-26 16:02	19696	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-01-20 14:59 . 2013-01-20 14:59	230320	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 21:03	130008	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-13 06:33	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 11:30	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 15:42 . 2012-12-16 15:42	1998168	----a-w-	c:\windows\SysWow64\d3dx9_43.dll
2012-12-16 14:45 . 2012-12-21 11:30	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:30	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:30	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 01:42 . 2012-12-14 01:42	9728	----a-w-	c:\windows\system32\IGFXDEVLib.dll
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrnor.lrc
2012-12-14 01:42 . 2012-12-14 01:42	384512	----a-w-	c:\windows\system32\igfxpph.dll
2012-12-14 01:42 . 2012-02-14 18:47	12615680	----a-w-	c:\windows\system32\igdumd64.dll
2012-12-14 01:42 . 2012-12-14 01:42	64512	----a-w-	c:\windows\SysWow64\igdde32.dll
2012-12-14 01:42 . 2012-12-14 01:42	440320	----a-w-	c:\windows\system32\igfxrell.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrptb.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437248	----a-w-	c:\windows\system32\igfxrtha.lrc
2012-12-14 01:42 . 2012-12-14 01:42	435712	----a-w-	c:\windows\system32\igfxrheb.lrc
2012-12-14 01:42 . 2012-12-14 01:42	435712	----a-w-	c:\windows\system32\igfxrara.lrc
2012-12-14 01:42 . 2012-12-14 01:42	431104	----a-w-	c:\windows\system32\igfxrkor.lrc
2012-12-14 01:42 . 2012-12-14 01:42	429056	----a-w-	c:\windows\system32\igfxrcht.lrc
2012-12-14 01:42 . 2012-12-14 01:42	330752	----a-w-	c:\windows\SysWow64\igfxdv32.dll
2012-12-14 01:42 . 2012-12-14 01:42	28672	----a-w-	c:\windows\system32\igfxexps.dll
2012-12-14 01:42 . 2012-10-10 01:22	11174912	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2012-12-14 01:42 . 2012-02-14 17:57	64000	----a-w-	c:\windows\system32\igfxsrvc.dll
2012-12-14 01:42 . 2012-02-14 17:56	110592	----a-w-	c:\windows\system32\hccutils.dll
2012-12-14 01:42 . 2012-12-14 01:42	640512	----a-w-	c:\windows\SysWow64\igfxcmrt32.dll
2012-12-14 01:42 . 2012-12-14 01:42	512112	----a-w-	c:\windows\system32\igfxsrvc.exe
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrnld.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrdeu.lrc
2012-12-14 01:42 . 2012-12-14 01:42	3121152	----a-w-	c:\windows\SysWow64\igfxcmjit32.dll
2012-12-14 01:42 . 2012-12-14 01:42	255088	----a-w-	c:\windows\system32\igfxext.exe
2012-12-14 01:42 . 2012-12-14 01:42	13030400	----a-w-	c:\windows\system32\ig4icd64.dll
2012-12-14 01:42 . 2012-12-14 01:42	483840	----a-w-	c:\windows\system32\igfx11cmrt64.dll
2012-12-14 01:42 . 2012-12-14 01:42	439808	----a-w-	c:\windows\system32\igfxresn.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrtrk.lrc
2012-12-14 01:42 . 2012-12-14 01:42	428544	----a-w-	c:\windows\system32\igfxrchs.lrc
2012-12-14 01:42 . 2012-10-10 01:22	9007616	----a-w-	c:\windows\system32\igfxress.dll
2012-12-14 01:42 . 2012-02-14 18:42	12858368	----a-w-	c:\windows\system32\igd10umd64.dll
2012-12-14 01:42 . 2012-12-14 01:42	80384	----a-w-	c:\windows\system32\igdde64.dll
2012-12-14 01:42 . 2012-12-14 01:42	459264	----a-w-	c:\windows\SysWow64\igfx11cmrt32.dll
2012-12-14 01:42 . 2012-12-14 01:42	439296	----a-w-	c:\windows\system32\igfxrrus.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrptg.lrc
2012-12-14 01:42 . 2012-12-14 01:42	286208	----a-w-	c:\windows\system32\igfxrenu.lrc
2012-12-14 01:42 . 2012-12-14 01:42	142336	----a-w-	c:\windows\system32\igfxdo.dll
2012-12-14 01:42 . 2012-10-10 01:22	11049472	----a-w-	c:\windows\SysWow64\igdumd32.dll
2012-12-14 01:42 . 2012-12-14 01:42	5353888	----a-w-	c:\windows\system32\drivers\igdkmd64.sys
2012-12-14 01:42 . 2012-12-14 01:42	439296	----a-w-	c:\windows\system32\igfxrrom.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438272	----a-w-	c:\windows\system32\igfxrcsy.lrc
2012-12-14 01:42 . 2012-12-14 01:42	25088	----a-w-	c:\windows\SysWow64\igfxexps32.dll
2012-12-14 01:42 . 2012-12-14 01:42	185968	----a-w-	c:\windows\system32\difx64.exe
2012-12-14 01:42 . 2012-12-14 01:42	518656	----a-w-	c:\windows\system32\igfxcmrt64.dll
2012-12-14 01:42 . 2012-12-14 01:42	438272	----a-w-	c:\windows\system32\igfxrfin.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrsve.lrc
2012-12-14 01:42 . 2012-12-14 01:42	432128	----a-w-	c:\windows\system32\igfxrjpn.lrc
2012-12-14 01:42 . 2012-12-14 01:42	116224	----a-w-	c:\windows\system32\igfxCoIn_v2932.dll
2012-12-14 01:42 . 2012-12-14 01:42	10812416	----a-w-	c:\windows\SysWow64\ig4icd32.dll
2012-12-14 01:42 . 2012-12-14 01:42	442880	----a-w-	c:\windows\system32\igfxdev.dll
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrita.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438272	----a-w-	c:\windows\system32\igfxrhun.lrc
2012-12-14 01:42 . 2012-12-14 01:42	437248	----a-w-	c:\windows\system32\igfxrdan.lrc
2012-12-14 01:42 . 2012-12-14 01:42	126976	----a-w-	c:\windows\system32\igfxcpl.cpl
2012-12-14 01:42 . 2012-12-14 01:42	441968	----a-w-	c:\windows\system32\igfxpers.exe
2012-12-14 01:42 . 2012-12-14 01:42	439808	----a-w-	c:\windows\system32\igfxrfra.lrc
2012-12-14 01:42 . 2012-12-14 01:42	410112	----a-w-	c:\windows\system32\igfxTMM.dll
2012-12-14 01:42 . 2012-12-14 01:42	172144	----a-w-	c:\windows\system32\igfxtray.exe
2012-12-14 01:42 . 2012-12-14 01:42	5906032	----a-w-	c:\windows\system32\GfxUI.exe
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrsky.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrplk.lrc
2012-12-14 01:42 . 2012-12-14 01:42	438784	----a-w-	c:\windows\system32\igfxrhrv.lrc
2012-12-14 01:42 . 2012-12-14 01:42	3511296	----a-w-	c:\windows\system32\igfxcmjit64.dll
2012-12-14 01:42 . 2012-12-14 01:42	175104	----a-w-	c:\windows\system32\gfxSrvc.dll
2012-12-14 01:42 . 2012-12-14 01:42	437760	----a-w-	c:\windows\system32\igfxrslv.lrc
2012-12-14 01:42 . 2012-12-14 01:42	399984	----a-w-	c:\windows\system32\hkcmd.exe
2012-12-14 01:42 . 2012-12-14 01:42	277616	----a-w-	c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-12-11 19:19 . 2012-12-11 19:19	45056	----a-r-	c:\users\BlackLight\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2012-12-11 19:19 . 2012-12-11 19:19	45056	----a-r-	c:\users\BlackLight\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2012-12-11 19:19 . 2012-12-11 19:19	45056	----a-r-	c:\users\BlackLight\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\ARPPRODUCTICON.exe
2012-12-11 12:05 . 2012-12-11 12:05	81920	------w-	c:\windows\bwUnin-6.1.4.36-8876480L.exe
2012-12-07 13:20 . 2013-01-09 21:25	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 21:25	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 21:25	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 21:25	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 21:25	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 21:25	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 21:25	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 21:25	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 21:25	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 21:25	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 21:25	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 21:25	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 21:25	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 21:25	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 21:25	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 21:25	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 21:25	55296	----a-w-	c:\windows\system32\cero.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-03 16:07	220632	----a-w-	c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-03 16:07	220632	----a-w-	c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-03 16:07	220632	----a-w-	c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Browser Infrastructure Helper"="c:\users\BlackLight\AppData\Local\Smartbar\Application\QuickShare.exe" [2013-02-04 13824]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-02-19 684024]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
.
c:\users\BlackLight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MCtlSvc.lnk - c:\program files (x86)\congstar\Internet-Manager\Bin\mcserver.exe [2012-12-30 60688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [2011-08-19 122752]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [2011-08-19 122752]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [2011-08-19 122752]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-08-19 12800]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-02-03 1838656]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-15 40712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-11 1255736]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2009-12-15 16512]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2012-02-19 1134584]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-08 363800]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys [2011-11-18 3432000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-01-17 675432]
S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2012-02-24 21264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-15 13:19]
.
2013-02-23 c:\windows\Tasks\HPCeeScheduleForBlackLight.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-03 16:07	244696	----a-w-	c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-03 16:07	244696	----a-w-	c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-03 16:07	244696	----a-w-	c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-19 44880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=15788
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost
TCP: DhcpNameServer = 192.168.3.1
FF - ProfilePath - c:\users\BlackLight\AppData\Roaming\Mozilla\Firefox\Profiles\y57gwj4e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=d4951ad8-5c15-460c-9973-0e740681d1a2&searchtype=ds&installDate=01/01/1970&q=
FF - prefs.js: network.proxy.ftp - 192.168.14.1
FF - prefs.js: network.proxy.ftp_port - 8001
FF - prefs.js: network.proxy.http - 192.168.14.1
FF - prefs.js: network.proxy.http_port - 8001
FF - prefs.js: network.proxy.socks - 192.168.14.1
FF - prefs.js: network.proxy.socks_port - 8001
FF - prefs.js: network.proxy.ssl - 192.168.14.1
FF - prefs.js: network.proxy.ssl_port - 8001
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-04 16:22; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\BlackLight\AppData\Roaming\Mozilla\Firefox\Profiles\y57gwj4e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-GT Interactive - Driver - c:\windows\IsUn0407.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1541843390-3253037748-2459413601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1541843390-3253037748-2459413601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-27  19:11:47
ComboFix-quarantined-files.txt  2013-02-27 18:11
.
Vor Suchlauf: 13 Verzeichnis(se), 384.118.525.952 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 383.629.164.544 Bytes frei
.
- - End Of File - - 04C124C62507F387B6E6BE4980687528
         


Ran through without problems.

27.02.2013, 18:17   #10
markusg
/// Malware-holic



Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all detections are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log files".
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

27.02.2013, 18:58   #11
Fingertab



Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.27.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
BlackLight :: BLACKLIGHT-HP [Administrator]

Schutz: Aktiviert

27.02.2013 19:21:11
mbam-log-2013-02-27 (19-21-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 340386
Laufzeit: 36 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

27.02.2013, 19:02   #12
markusg
/// Malware-holic



Hi,

download the standard CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file.
After every program you need, write "necessary".
After every program you do not need, write "unnecessary".
After every program you do not know, write "unknown".
Post the list.

27.02.2013, 19:21   #13
Fingertab



Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171 /necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171 /necessary
Adobe Shockwave Player 12.0 Adobe Systems, Inc. 26.02.2013 12.0.0.112 /necessary
Anno 1701 Sunflowers 07.12.2012 1.02 /necessary (game)
Black Mirror 2 dtp 07.12.2012 /necessary (game)
CCleaner Piriform 25.11.2012 3.25 /necessary
congstar Internet-Manager ZTE CORPORATION 30.12.2012 1.0.0.3 /necessary
GameShadow GameShadow Ltd 11.12.2012 18,5MB 2.03.0000 /don't know if necessary
GT Interactive - Driver 13.01.2013 /necessary (game)
HP Documentation Hewlett-Packard 15.03.2012 440MB 1.1.0.0 /necessary
HP Launch Box Hewlett-Packard Company 04.06.2012 2,38MB 1.1.5 /necessary
HP On Screen Display Hewlett-Packard Company 15.03.2012 1,48MB 1.3.5 /necessary
HP Power Manager Hewlett-Packard Company 04.06.2012 6,03MB 1.4.8 /necessary
HP Quick Launch Hewlett-Packard Company 15.03.2012 7,24MB 2.7.2 /necessary
HP Security Assistant Hewlett-Packard Company 15.03.2012 2,66MB 3.0.2 /necessary
HP Setup Hewlett-Packard Company 15.03.2012 50,9MB 9.1.15430.4033 /necessary
HP Software Framework Hewlett-Packard Company 07.12.2012 8,24MB 4.6.10.1 /necessary
HP Support Assistant Hewlett-Packard Company 26.01.2013 83,8MB 7.0.39.15 /necessary
ImgBurn LIGHTNING UK! 03.01.2013 2.5.7.0 /necessary
Intel(R) Control Center Intel Corporation 04.06.2012 1.2.1.1007 /I think necessary
Intel(R) Management Engine Components Intel Corporation 15.03.2012 8.0.2.1410 /I think necessary
Intel(R) OpenCL CPU Runtime Intel Corporation 04.06.2012 /I think necessary
Intel(R) Processor Graphics Intel Corporation 25.01.2013 9.17.10.2932 /I think necessary
Intel(R) Rapid Storage Technology Intel Corporation 04.06.2012 11.0.0.1032 /unknown
Intel® Trusted Connect Service Client Intel Corporation 04.06.2012 10,6MB 1.23.605.1 /no idea
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 27.02.2013 18,4MB 1.70.0.1100 /presumably necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.12.2012 38,8MB 4.0.30319 /necessary
Microsoft Security Essentials Microsoft Corporation 14.02.2013 4.2.223.1 /necessary
Microsoft SkyDrive Microsoft Corporation 03.01.2013 25,1MB 16.4.6013.0910 /unsure if necessary
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 15.03.2012 1,69MB 3.1.0000 /necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.12.2012 300KB 8.0.61001 /necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 15.03.2012 788KB 9.0.30729 /necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 04.06.2012 788KB 9.0.30729.4148 /necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 06.12.2012 788KB 9.0.30729.6161 /necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 15.12.2012 234KB 9.0.30729 /necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.12.2012 238KB 9.0.30729 /necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 04.06.2012 596KB 9.0.30729.4148 /necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 06.12.2012 600KB 9.0.30729.6161 /necessary
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 06.12.2012 12,3MB 10.0.30319 /necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 06.12.2012 9,90MB 10.0.30319 /necessary
Mozilla Firefox 19.0 (x86 de) Mozilla 20.02.2013 43,6MB 19.0 /necessary
Mozilla Maintenance Service Mozilla 20.02.2013 330KB 19.0 /necessary
NVIDIA PhysX NVIDIA Corporation 15.12.2012 78,9MB 9.10.0513 /necessary, or rather unsure
OpenOffice.org 3.4.1 Apache Software Foundation 06.12.2012 331MB 3.41.9593 /necessary
PDF Complete Corporate Edition PDF Complete, Inc 04.06.2012 4.0.87 /necessary
QuickShare Linkury Inc. 06.02.2013 19,4MB 1.6.1.795 /not necessary /unknown
Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter Ralink 15.02.2013 3.02.03.0 /necessary
Realtek Ethernet Controller Driver Realtek 04.06.2012 7.51.116.2012 /necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 04.06.2012 6.0.1.6577 /necessary
Realtek PCIE Card Reader Realtek Semiconductor Corp. 04.06.2012 6.1.7601.29005 /necessary
Silent Hunter 4 Wolves of the Pacific Ubisoft 11.12.2012 1.04.0000 /necessary
Skype™ 6.1 Skype Technologies S.A. 10.02.2013 21,1MB 6.1.129 /necessary
Synaptics Pointing Device Driver Synaptics Incorporated 04.06.2012 46,4MB 16.0.1.0 /necessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 02.02.2013 3.0.6 /necessary
VirtualCloneDrive Elaborate Bytes 11.12.2012 /necessary
VLC media player 2.0.4 VideoLAN 06.12.2012 2.0.4 /necessary
Winamp Nullsoft, Inc 13.01.2013 5.63 /necessary
Winamp Erkennungs-Plug-in Nullsoft, Inc 13.01.2013 75,0KB 1.0.0.1 /necessary
Windows Live Essentials Microsoft Corporation 03.01.2013 16.4.3505.0912 /necessary
WinRAR 4.20 (64-Bit) win.rar GmbH 06.12.2012 4.20.0 /necessary
WinZip 16.0 WinZip Computing, S.L. 15.03.2012 75,8MB 16.0.9715 / necessary
World of Tanks version 8.1 Wargaming 11.12.2012 8,33GB 8.1 / not necessary, cannot be uninstalled

27.02.2013, 19:47   #14
markusg
/// Malware-holic



Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download the newest version and install it.
Uninstall:
QuickShare
World of
Revo Uninstaller - Download - Filepony
Uninstall with Revo.

Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

28.02.2013, 13:21   #15
Fingertab



AdwCleaner Logfile:
Code:
# AdwCleaner v2.113 - Datei am 28/02/2013 um 14:17:39 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : BlackLight - BLACKLIGHT-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\BlackLight\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\BlackLight\AppData\Roaming\Mozilla\Firefox\Profiles\y57gwj4e.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\BlackLight\AppData\Roaming\Mozilla\Firefox\Profiles\y57gwj4e.default\searchplugins\Web Search.xml
Ordner Gelöscht : C:\Users\BlackLight\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=15788 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\BlackLight\AppData\Roaming\Mozilla\Firefox\Profiles\y57gwj4e.default\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=d4[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=d4951ad8-[...]

*************************

AdwCleaner[S1].txt - [3342 octets] - [28/02/2013 14:17:39]

########## EOF - C:\AdwCleaner[S1].txt - [3402 octets] ##########
         


Muhahaha... it's gone for the moment ^^
And sorry that I didn't carry on yesterday... I had to sleep ^^
