
All kinds of pests and how to fight them: Delta Search

28.02.2013, 08:56   #1
Lonovis

Delta Search

Hello,
while looking for a driver for my old printer, I (unintentionally) downloaded a driver search tool from this site: www.driverplatform.com/file_cf2001.html. Of course it did not work, because, according to a support request, the driver does not exist for Win7. In the process I also picked up Delta Search and cannot get rid of it.

I have already done a few things:

Uninstalled programs that somehow sound like a toolbar or that I don't recognise.

Ran AdwCleaner:
Code:
# AdwCleaner v2.113 - Datei am 28/02/2013 um 08:01:12 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : User - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\e55d6dabd3fba45
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\e55d6dabd3fba45
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=ec8393f4000000000000902b349d699f --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (de)

-\\ Google Chrome v25.0.1364.97

*************************

AdwCleaner[S1].txt - [2237 octets] - [28/02/2013 08:01:12]

########## EOF - C:\AdwCleaner[S1].txt - [2297 octets] ##########
         
Deleted the temporary files with TFC.

And ran DDS+:
DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.15.2
Run by User at 8:33:19 on 2013-02-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8189.6323 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\Creative Cloud Connection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\PowerStrip\PStrip.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [CloudSync] C:\Program Files\Adobe\Adobe Creative Cloud Connection (64 Bit)\Creative Cloud Connection.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge] <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\POWERS~1.LNK - C:\Program Files (x86)\PowerStrip\PStrip.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1 193.189.244.194 193.189.244.202
TCP: Interfaces\{6D022F9A-947E-4755-9B99-8A134A8BDBC4} : DHCPNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\idyrcqcy.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=ec8393f4000000000000902b349d699f
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-29 11:22; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-08 13:44; ich@maltegoetz.de; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\idyrcqcy.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2013-01-22 14:33; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - ec8393f4000000000000902b349d699f
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15763
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.012:32:43
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 PStrip64;PStrip64;C:\Windows\System32\drivers\pstrip64.sys [2013-2-4 13008]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-6 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-29 56960]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-29 79104]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-13 565352]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-12-13 38456]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2012-6-14 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-13 46136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-12 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-12 30208]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-02-28 06:30:56	95648	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-27 11:37:58	--------	d-----w-	C:\Users\User\AppData\Roaming\GetRightToGo
2013-02-27 11:32:24	--------	d-----w-	C:\Users\User\AppData\Roaming\Babylon
2013-02-22 12:55:10	--------	d-----w-	C:\Users\User\AppData\Local\Apple Computer
2013-02-22 12:53:58	--------	d-----w-	C:\Users\User\AppData\Local\Apple
2013-02-08 07:39:15	--------	d-----w-	C:\Program Files (x86)\AMD AVT
2013-02-08 07:39:10	--------	d-----w-	C:\Program Files (x86)\AMD APP
2013-02-06 10:25:18	--------	d-----w-	C:\Program Files (x86)\Mozilla Firefox.bak
2013-02-04 08:47:48	13008	----a-w-	C:\Windows\System32\drivers\pstrip64.sys
2013-02-04 08:47:47	--------	d-----w-	C:\Program Files (x86)\PowerStrip
.
==================== Find3M  ====================
.
2013-02-28 06:30:52	861088	----a-w-	C:\Windows\SysWow64\npdeployJava1.dll
2013-02-28 06:30:52	782240	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-02-27 08:06:42	71024	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 08:06:42	691568	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-03 15:27:11	10752	----a-w-	C:\Windows\System32\E_GCINST.DLL
2013-01-03 15:27:09	83968	----a-w-	C:\Windows\System32\E_ID4BHRE.DLL
2013-01-03 15:27:09	120320	----a-w-	C:\Windows\System32\E_ILMHRE.DLL
2012-12-19 20:50:14	5630200	----a-w-	C:\Windows\SysWow64\atiumdag.dll
2012-12-19 20:48:48	11278336	----a-w-	C:\Windows\System32\drivers\atikmdag.sys
2012-12-19 20:29:36	23461376	----a-w-	C:\Windows\System32\atio6axx.dll
2012-12-19 20:22:50	70144	----a-w-	C:\Windows\System32\coinst_9.012.dll
2012-12-19 20:19:46	163840	----a-w-	C:\Windows\System32\atiapfxx.exe
2012-12-19 20:18:04	51200	----a-w-	C:\Windows\System32\aticalrt64.dll
2012-12-19 20:18:02	46080	----a-w-	C:\Windows\SysWow64\aticalrt.dll
2012-12-19 20:17:54	44544	----a-w-	C:\Windows\System32\aticalcl64.dll
2012-12-19 20:17:52	44032	----a-w-	C:\Windows\SysWow64\aticalcl.dll
2012-12-19 20:17:40	16082944	----a-w-	C:\Windows\System32\aticaldd64.dll
2012-12-19 20:13:24	13703168	----a-w-	C:\Windows\SysWow64\aticaldd.dll
2012-12-19 20:12:44	18982400	----a-w-	C:\Windows\SysWow64\atioglxx.dll
2012-12-19 20:09:52	960512	----a-w-	C:\Windows\SysWow64\aticfx32.dll
2012-12-19 20:08:04	1151488	----a-w-	C:\Windows\System32\aticfx64.dll
2012-12-19 20:06:00	6681088	----a-w-	C:\Windows\SysWow64\atidxx32.dll
2012-12-19 19:59:44	5087744	----a-w-	C:\Windows\System32\atiumd6a.dll
2012-12-19 19:57:00	442368	----a-w-	C:\Windows\System32\atidemgy.dll
2012-12-19 19:56:46	550912	----a-w-	C:\Windows\System32\atieclxx.exe
2012-12-19 19:56:00	240640	----a-w-	C:\Windows\System32\atiesrxx.exe
2012-12-19 19:54:38	120320	----a-w-	C:\Windows\System32\atitmm64.dll
2012-12-19 19:54:22	21504	----a-w-	C:\Windows\System32\atimuixx.dll
2012-12-19 19:54:18	59392	----a-w-	C:\Windows\System32\atiedu64.dll
2012-12-19 19:54:12	43520	----a-w-	C:\Windows\SysWow64\ati2edxx.dll
2012-12-19 19:49:00	7370752	----a-w-	C:\Windows\System32\atidxx64.dll
2012-12-19 19:44:28	4162048	----a-w-	C:\Windows\SysWow64\atiumdva.dll
2012-12-19 19:44:12	6786560	----a-w-	C:\Windows\System32\atiumd64.dll
2012-12-19 19:33:50	56320	----a-w-	C:\Windows\System32\atimpc64.dll
2012-12-19 19:33:50	56320	----a-w-	C:\Windows\System32\amdpcom64.dll
2012-12-19 19:33:42	619008	----a-w-	C:\Windows\System32\atiadlxx.dll
2012-12-19 19:33:40	56832	----a-w-	C:\Windows\SysWow64\atimpc32.dll
2012-12-19 19:33:40	56832	----a-w-	C:\Windows\SysWow64\amdpcom32.dll
2012-12-19 19:33:32	421888	----a-w-	C:\Windows\SysWow64\atiadlxy.dll
2012-12-19 19:33:18	17920	----a-w-	C:\Windows\System32\atig6pxx.dll
2012-12-19 19:33:14	14848	----a-w-	C:\Windows\SysWow64\atiglpxx.dll
2012-12-19 19:33:14	14848	----a-w-	C:\Windows\System32\atiglpxx.dll
2012-12-19 19:33:10	41984	----a-w-	C:\Windows\System32\atig6txx.dll
2012-12-19 19:33:04	33280	----a-w-	C:\Windows\SysWow64\atigktxx.dll
2012-12-19 19:32:54	552960	----a-w-	C:\Windows\System32\drivers\atikmpag.sys
2012-12-19 19:31:14	130048	----a-w-	C:\Windows\System32\atiuxp64.dll
2012-12-19 19:31:08	109568	----a-w-	C:\Windows\SysWow64\atiuxpag.dll
2012-12-19 19:31:00	104448	----a-w-	C:\Windows\System32\atiu9p64.dll
2012-12-19 19:30:52	83968	----a-w-	C:\Windows\SysWow64\atiu9pag.dll
2012-12-19 19:30:16	53248	----a-w-	C:\Windows\System32\drivers\ati2erec.dll
2012-12-19 14:45:12	222720	----a-w-	C:\Windows\System32\clinfo.exe
2012-12-19 14:44:48	76288	----a-w-	C:\Windows\System32\OpenVideo64.dll
2012-12-19 14:44:42	65536	----a-w-	C:\Windows\SysWow64\OpenVideo.dll
2012-12-19 14:44:36	64000	----a-w-	C:\Windows\System32\OVDecode64.dll
2012-12-19 14:44:32	56320	----a-w-	C:\Windows\SysWow64\OVDecode.dll
2012-12-19 14:44:20	34518016	----a-w-	C:\Windows\System32\amdocl64.dll
2012-12-19 14:38:48	28732928	----a-w-	C:\Windows\SysWow64\amdocl.dll
2012-12-19 14:34:40	54784	----a-w-	C:\Windows\System32\OpenCL.dll
2012-12-19 14:34:38	50176	----a-w-	C:\Windows\SysWow64\OpenCL.dll
2012-12-16 17:11:22	46080	----a-w-	C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03	367616	----a-w-	C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2012-12-13 09:30:13	0	----a-w-	C:\Windows\ativpsrm.bin
2012-12-07 13:20:16	441856	----a-w-	C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31	2746368	----a-w-	C:\Windows\System32\gameux.dll
2012-12-07 12:26:17	308736	----a-w-	C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43	2576384	----a-w-	C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04	30720	----a-w-	C:\Windows\System32\usk.rs
2012-12-07 11:20:03	43520	----a-w-	C:\Windows\System32\csrr.rs
2012-12-07 11:20:03	23552	----a-w-	C:\Windows\System32\oflc.rs
2012-12-07 11:20:01	45568	----a-w-	C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01	44544	----a-w-	C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01	20480	----a-w-	C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00	20480	----a-w-	C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59	20480	----a-w-	C:\Windows\System32\pegi.rs
2012-12-07 11:19:58	46592	----a-w-	C:\Windows\System32\fpb.rs
2012-12-07 11:19:57	40960	----a-w-	C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57	21504	----a-w-	C:\Windows\System32\grb.rs
2012-12-07 11:19:57	15360	----a-w-	C:\Windows\System32\djctq.rs
2012-12-07 11:19:56	55296	----a-w-	C:\Windows\System32\cero.rs
2012-12-07 11:19:55	51712	----a-w-	C:\Windows\System32\esrb.rs
.
============= FINISH:  8:34:35,06 ===============
         


attach:
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 13.12.2012 00:10:28
System Uptime: 28.02.2013 08:28:49 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-970A-DS3
Processor: AMD Phenom(tm) II X4 965 Processor | Socket M2 | 2176/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 704,612 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 931 GiB total, 709,837 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP36: 08.02.2013 18:00:09 - Windows-Sicherung
RP37: 15.02.2013 18:00:09 - Windows-Sicherung
RP38: 22.02.2013 13:54:06 - Installed Safari
RP39: 27.02.2013 12:39:57 - Installed Driver Detective.
RP40: 28.02.2013 07:30:04 - Removed Java(TM) 6 Update 39
RP41: 28.02.2013 07:30:37 - Installed Java 7 Update 15
.
==== Installed Programs ======================
.
1&1 SmartFax
7-Zip 9.20
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Creative Cloud Connection
Adobe CS6 Design and Web Premium
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader XI (11.0.01) - Deutsch
Adobe Shockwave Player 11.6
Adobe Widget Browser
Adobe® Content Viewer
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD USB Filter Driver
AMD VISION Engine Control Center
Apple Software Update
AVG 2013
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cortona3D Viewer
EasyCash&Tax 1.58
ECTPlugAnlagenverzeichnis 1.5
Elster-Export 1.13
EPSON BX305 Plus Series Printer Uninstall
EPSON Scan
Etron USB3.0 Host Controller
FileZilla Client 3.6.0.2
Google Chrome
Google Update Helper
Java 7 Update 15
Java Auto Updater
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 19.0 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.3 (x86 de)
OpenOffice.org 3.4.1
PDF Settings CS6
PowerStrip 3 (remove only)
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
swMSM
TEC-IT Barcode Studio 14.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2010 x64 Redistributables
WD Drive Utilities
WD Security
WD SmartWare
Windows Media Player Firefox Plugin
WonderWebWare CSS Menu Generator 4.1
.
==== End Of File ===========================
         
Delta Search is still there and it is annoying!

Thanks for the help.

Lonovis

28.02.2013, 09:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Delta Search

Hello and

JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

28.02.2013, 12:16   #3
Lonovis

Delta Search

Hello cosinus,

here are the files
OTL.txt
Code:
OTL logfile created on: 28.02.2013 12:08:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,40% Memory free
15,99 Gb Paging File | 13,99 Gb Available in Paging File | 87,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 704,32 Gb Free Space | 75,62% Space Free | Partition Type: NTFS
Drive J: | 931,48 Gb Total Space | 709,84 Gb Free Space | 76,21% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
PRC - C:\Program Files (x86)\PowerStrip\PStrip.exe (EnTech Taiwan)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (WDRulesService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PStrip64) -- C:\Windows\SysNative\drivers\pstrip64.sys ()
DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3616812966-1746947061-3455423072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3616812966-1746947061-3455423072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3616812966-1746947061-3455423072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3616812966-1746947061-3455423072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 58 5F AF FA 10 CE 01  [binary data]
IE - HKU\S-1-5-21-3616812966-1746947061-3455423072-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3616812966-1746947061-3455423072-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3616812966-1746947061-3455423072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0038-ABCDEFFEDCBA%7D:6.0.38
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.25 09:47:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.27 10:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 10:42:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 19:31:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 19:31:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.12.13 18:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.02.27 18:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\idyrcqcy.default\extensions
[2013.01.08 13:44:17 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\idyrcqcy.default\extensions\ich@maltegoetz.de
[2013.01.30 22:03:57 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\idyrcqcy.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.02.14 14:13:45 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\idyrcqcy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.28 07:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.27 10:42:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.27 10:42:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013.02.27 10:42:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3616812966-1746947061-3455423072-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3616812966-1746947061-3455423072-1000..\Run: [CloudSync] C:\Programme\Adobe\Adobe Creative Cloud Connection (64 Bit)\Creative Cloud Connection.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Program Files (x86)\PowerStrip\PStrip.exe (EnTech Taiwan)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D022F9A-947E-4755-9B99-8A134A8BDBC4}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{612e6ee0-44ad-11e2-88b1-cb65fc456e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{612e6ee0-44ad-11e2-88b1-cb65fc456e6a}\Shell\AutoRun\command - "" = H:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.28 10:19:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.02.28 10:04:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.28 10:04:03 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.28 10:00:58 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\User\Desktop\JRT.exe
[2013.02.28 08:33:01 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds+.exe
[2013.02.28 08:27:00 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\TFC.exe
[2013.02.28 07:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.28 07:31:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.28 07:30:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.28 07:30:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.28 07:30:56 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.28 07:30:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.27 12:37:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2013.02.27 10:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.22 13:55:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2013.02.22 13:55:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
[2013.02.22 13:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2013.02.22 13:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.02.22 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple
[2013.02.22 13:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.02.22 13:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.02.13 09:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.02.08 08:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.02.08 08:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.02.08 08:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.02.08 08:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013.02.06 16:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.02.06 16:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.02.06 11:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013.02.04 09:48:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerStrip
[2013.02.04 09:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerStrip
[2013.02.01 13:01:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FileZilla
[2013.02.01 13:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.02.01 13:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.28 12:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.28 11:39:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.28 10:19:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.02.28 10:00:58 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\User\Desktop\JRT.exe
[2013.02.28 08:33:02 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds+.exe
[2013.02.28 08:29:23 | 000,009,310 | ---- | M] () -- C:\Users\User\AppData\Roaming\PStrip.ini
[2013.02.28 08:29:14 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.28 08:29:14 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.02.28 08:29:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.28 08:29:10 | 2145,419,263 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.28 08:27:01 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\TFC.exe
[2013.02.28 08:03:29 | 000,009,310 | ---- | M] () -- C:\Users\User\AppData\Roaming\PStrip.bak
[2013.02.28 07:57:59 | 000,594,019 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.02.28 07:30:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.28 07:30:52 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.28 07:30:52 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.28 07:30:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.28 07:30:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.28 07:30:52 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.28 06:04:03 | 000,009,310 | ---- | M] () -- C:\Users\User\AppData\Roaming\PStrip.bko
[2013.02.27 18:27:49 | 000,009,310 | ---- | M] () -- C:\Users\User\AppData\Roaming\PStrip.bk!
[2013.02.27 09:06:42 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 09:06:42 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.22 08:56:35 | 000,000,132 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.02.21 13:08:18 | 000,001,456 | ---- | M] () -- C:\Users\User\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.02.20 11:03:39 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 11:03:39 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.20 11:03:39 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.20 11:03:39 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.20 11:03:39 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.17 11:17:28 | 005,645,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 09:19:00 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.02.04 09:50:46 | 000,001,462 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk
[2013.02.04 09:48:05 | 000,000,061 | ---- | M] () -- C:\Windows\wininit.ini
 
========== Files Created - No Company Name ==========
 
[2013.02.28 07:57:58 | 000,594,019 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2013.02.22 13:54:51 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2013.02.22 13:53:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.02.08 08:22:23 | 000,009,310 | ---- | C] () -- C:\Users\User\AppData\Roaming\PStrip.bko
[2013.02.05 06:21:34 | 000,009,310 | ---- | C] () -- C:\Users\User\AppData\Roaming\PStrip.bk!
[2013.02.05 06:21:30 | 000,009,310 | ---- | C] () -- C:\Users\User\AppData\Roaming\PStrip.bak
[2013.02.04 09:50:17 | 000,001,462 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk
[2013.02.04 09:50:15 | 000,009,310 | ---- | C] () -- C:\Users\User\AppData\Roaming\PStrip.ini
[2013.02.04 09:48:05 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2013.02.04 09:47:48 | 000,013,008 | ---- | C] () -- C:\Windows\SysNative\drivers\pstrip64.sys
[2013.02.01 15:01:45 | 000,001,456 | ---- | C] () -- C:\Users\User\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.01.30 12:27:10 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2012.12.17 11:37:17 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.12.13 10:30:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.12.13 00:17:55 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.06.11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 924 bytes -> C:\Users\User\AppData\Local\zfDI8hNP:9jzsu3MeVO8lP629eoZidm
@Alternate Data Stream - 893 bytes -> C:\Users\User\AppData\Local\Fl47LNO6B03h:d5ncCKnuEqBWo3ERSZIZSZman

< End of report >
         

Extras.txt:
Code:
OTL Extras logfile created on: 28.02.2013 12:08:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,40% Memory free
15,99 Gb Paging File | 13,99 Gb Available in Paging File | 87,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 704,32 Gb Free Space | 75,62% Space Free | Partition Type: NTFS
Drive J: | 931,48 Gb Total Space | 709,84 Gb Free Space | 76,21% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3616812966-1746947061-3455423072-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27F0321B-4DA1-4D7B-A99D-6B5DF0C84C11}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{2F7C0876-419A-4EED-839F-F67D23D2BDB1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{41E05429-6983-4F3A-9D65-7AEA9CE34B68}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{63C1E460-CAF8-4AB8-ADEB-613E32ADFBA6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{67843C42-447D-4F87-B3FB-00ED79C0AC20}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{88AC10B3-85D4-4786-BB28-85FA37DDFFE3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{C448708D-6149-41EC-9FD7-E75B814B1FB5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{CD55089B-8238-464E-ACE8-AF9E863711F0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"TCP Query User{AB6DFA9E-A2F7-4C29-B376-3777AA41330F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{50BA3392-D54F-40B0-97E0-EEBD840C74BB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{22A51951-1F45-4C8A-B888-306527F9C45F}" = WD SmartWare
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{82EE86D9-60B9-1025-9960-97E9B7C7B4B4}" = AMD Drag and Drop Transcoding
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DEACDFFA-D424-416F-B849-FA282F55B2CE}" = Cortona3D Viewer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"EPSON BX305 Plus Series" = EPSON BX305 Plus Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{402F6F2E-5683-491C-977D-0CA599A07CAF}" = Adobe CS6 Design and Web Premium
"{483A865C-A74A-12BF-1276-D0111A488F50}" = Adobe® Content Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83270912-15C7-4336-822E-E8F1B1BBCA60}" = WD Security
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{893B3B44-0A1E-404B-8FE8-0A74509102A9}" = Adobe Creative Cloud Connection
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DA239F09-06CE-4A54-9C03-C8F743E6BC4C}" = TEC-IT Barcode Studio 14.0
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"1&1 SmartFax" = 1&1 SmartFax
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"EasyCash&Tax_is1" = EasyCash&Tax 1.58
"ECTPlugAnlagenverzeichnis_is1" = ECTPlugAnlagenverzeichnis 1.5
"Elster-Export Plugin für EasyCash&Tax_is1" = Elster-Export 1.13
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.6.0.2
"Google Chrome" = Google Chrome
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"WonderWebWare CSS Menu Generator_is1" = WonderWebWare CSS Menu Generator 4.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.02.2013 05:29:45 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 0.0.0.0,
 Zeitstempel: 0x3847c867  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0x73c  Startzeit der fehlerhaften Anwendung: 0x01ce159624144a09  Pfad der
 fehlerhaften Anwendung: C:\Users\User\AppData\Local\Temp\IXP000.TMP\setup.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 62b86405-8189-11e2-90b2-902b349d699f
 
[ System Events ]
Error - 28.02.2013 06:08:10 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
Oh, by the way, Delta Search is gone now!
__________________

28.02.2013, 13:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

There's a log missing, though.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

28.02.2013, 14:47   #5
Lonovis

Sorry, it all has to happen alongside work.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by User on 28.02.2013 at 10:04:16,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\babylon"



~~~ FireFox

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\idyrcqcy.default\user.js
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\idyrcqcy.default\searchplugins\delta.xml
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\idyrcqcy.default\prefs.js

user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=ec8393f4000000000000902b349d699f");
user_pref("avg.install.userSPSettings", "Delta Search");
user_pref("browser.newtabpage.blocked", "{\"LxgkjKnitUDzcmKwDvyBVA==\":1,\"J/NlMxjRcBTW5KKg48+nZw==\":1,\"y9NWm9nOQ8rOooASv8fTzw==\":1,\"B4RvgN2vG+dDzLHeSHyA2g==\":1,\"VLTGzXw
user_pref("browser.search.selectedEngine", "Delta Search");
user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=ec8393f4000000000000902b349d699f");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=ec8393f4000000000000902b349d699f");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "ec8393f4000000000000902b349d699f");
user_pref("extensions.delta.instlDay", "15763");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.012:32:43");
user_pref("extensions.delta.vrsni", "1.8.10.0");
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\idyrcqcy.default\minidumps [65 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.02.2013 at 10:08:17,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


28.02.2013, 15:36   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
@Alternate Data Stream - 924 bytes -> C:\Users\User\AppData\Local\zfDI8hNP:9jzsu3MeVO8lP629eoZidm
@Alternate Data Stream - 893 bytes -> C:\Users\User\AppData\Local\Fl47LNO6B03h:d5ncCKnuEqBWo3ERSZIZSZman
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread.

28.02.2013, 15:49   #7
Lonovis

Hi,

Code:
All processes killed
========== OTL ==========
ADS C:\Users\User\AppData\Local\zfDI8hNP:9jzsu3MeVO8lP629eoZidm deleted successfully.
ADS C:\Users\User\AppData\Local\Fl47LNO6B03h:d5ncCKnuEqBWo3ERSZIZSZman deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: User
->Temp folder emptied: 59699843 bytes
->Temporary Internet Files folder emptied: 33364 bytes
->Java cache emptied: 3133371 bytes
->FireFox cache emptied: 58005669 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3407 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6063167 bytes
 
Total Files Cleaned = 121,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 02282013_154220

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\User\AppData\Local\Temp\PDApp.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

28.02.2013, 15:53   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

edit (I misclicked)

Now please create and post logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down).
GMER crashes fairly often; if the tool won't work the second time either, just skip it and run only MBAR.

MBAR instructions:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

28.02.2013, 16:17   #9
Lonovis

GMER:

Code:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-02-28 16:16:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005c Hitachi_ rev.MS2O 931,51GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075231465 2 bytes [23, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000752314bb 2 bytes [23, 75]
.text  ...                                                                                                                            * 2
.text  C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000075231465 2 bytes [23, 75]
.text  C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000752314bb 2 bytes [23, 75]
.text  ...                                                                                                                            * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000075231465 2 bytes [23, 75]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000752314bb 2 bytes [23, 75]
.text  ...                                                                                                                            * 2

---- EOF - GMER 2.1 ----
         
MBAR is coming shortly!

So, here it is:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.28.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

28.02.2013 16:23:24
mbar-log-2013-02-28 (16-23-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29081
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
So everything seems to be in order?!

01.03.2013, 09:23   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
In any case, please post the contents here in your thread.

01.03.2013, 10:32   #11
Lonovis

Hi,

aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-01 10:09:50
-----------------------------
10:09:50.123    OS Version: Windows x64 6.1.7601 Service Pack 1
10:09:50.123    Number of processors: 4 586 0x403
10:09:50.123    ComputerName: USER-PC  UserName: User
10:09:51.122    Initialize success
10:11:51.618    AVAST engine defs: 13022801
10:11:55.144    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
10:11:55.159    Disk 0 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 11
10:11:55.206    Disk 0 MBR read successfully
10:11:55.206    Disk 0 MBR scan
10:11:55.222    Disk 0 Windows 7 default MBR code
10:11:55.222    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:11:55.237    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
10:11:55.253    Disk 0 scanning C:\Windows\system32\drivers
10:12:02.226    Service scanning
10:12:18.481    Modules scanning
10:12:18.497    Disk 0 trace - called modules:
10:12:18.513    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys 
10:12:18.528    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a9b060]
10:12:18.544    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8006b45b80]
10:12:18.544    5 amdxata.sys[fffff880010a47a8] -> nt!IofCallDriver -> [0xfffffa8006af7740]
10:12:18.559    7 ACPI.sys[fffff88000fa97a1] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa8006af7060]
10:12:19.651    AVAST engine scan C:\Windows
10:12:21.508    AVAST engine scan C:\Windows\system32
10:14:47.867    AVAST engine scan C:\Windows\system32\drivers
10:14:54.872    AVAST engine scan C:\Users\User
10:19:12.818    AVAST engine scan C:\ProgramData
10:20:36.434    Scan finished successfully
10:24:13.041    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
10:24:13.041    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
         
TDSSKiller
Code:
10:28:25.0937 2412  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:28:26.0171 2412  ============================================================
10:28:26.0171 2412  Current date / time: 2013/03/01 10:28:26.0171
10:28:26.0171 2412  SystemInfo:
10:28:26.0171 2412  
10:28:26.0171 2412  OS Version: 6.1.7601 ServicePack: 1.0
10:28:26.0171 2412  Product type: Workstation
10:28:26.0171 2412  ComputerName: USER-PC
10:28:26.0171 2412  UserName: User
10:28:26.0171 2412  Windows directory: C:\Windows
10:28:26.0171 2412  System windows directory: C:\Windows
10:28:26.0171 2412  Running under WOW64
10:28:26.0171 2412  Processor architecture: Intel x64
10:28:26.0171 2412  Number of processors: 4
10:28:26.0171 2412  Page size: 0x1000
10:28:26.0171 2412  Boot type: Normal boot
10:28:26.0171 2412  ============================================================
10:28:27.0091 2412  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:28:27.0091 2412  Drive \Device\Harddisk1\DR1 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:28:27.0107 2412  ============================================================
10:28:27.0107 2412  \Device\Harddisk0\DR0:
10:28:27.0107 2412  MBR partitions:
10:28:27.0107 2412  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:28:27.0107 2412  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
10:28:27.0107 2412  \Device\Harddisk1\DR1:
10:28:27.0107 2412  MBR partitions:
10:28:27.0107 2412  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
10:28:27.0107 2412  ============================================================
10:28:27.0123 2412  C: <-> \Device\Harddisk0\DR0\Partition2
10:28:27.0435 2412  J: <-> \Device\Harddisk1\DR1\Partition1
10:28:27.0435 2412  ============================================================
10:28:27.0435 2412  Initialize success
10:28:27.0435 2412  ============================================================
10:28:36.0483 4500  ============================================================
10:28:36.0483 4500  Scan started
10:28:36.0483 4500  Mode: Manual; SigCheck; TDLFS; 
10:28:36.0483 4500  ============================================================
10:28:37.0263 4500  ================ Scan system memory ========================
10:28:37.0263 4500  System memory - ok
10:28:37.0263 4500  ================ Scan services =============================
10:28:37.0356 4500  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:28:37.0450 4500  1394ohci - ok
10:28:37.0465 4500  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:28:37.0465 4500  ACPI - ok
10:28:37.0481 4500  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:28:47.0153 4500  RasAcd - ok
10:28:47.0184 4500  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:28:47.0215 4500  RasAgileVpn - ok
10:28:47.0215 4500  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:28:47.0247 4500  RasAuto - ok
10:28:47.0247 4500  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:28:47.0278 4500  Rasl2tp - ok
10:28:47.0293 4500  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:28:47.0325 4500  RasMan - ok
10:28:47.0325 4500  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:28:47.0356 4500  RasPppoe - ok
10:28:47.0356 4500  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:28:47.0387 4500  RasSstp - ok
10:28:47.0403 4500  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:28:47.0418 4500  rdbss - ok
10:28:47.0434 4500  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
10:28:47.0434 4500  rdpbus - ok
10:28:47.0449 4500  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:28:47.0465 4500  RDPCDD - ok
10:28:47.0496 4500  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:28:47.0512 4500  RDPENCDD - ok
10:28:47.0527 4500  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:28:47.0543 4500  RDPREFMP - ok
10:28:47.0559 4500  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:28:47.0574 4500  RdpVideoMiniport - ok
10:28:47.0590 4500  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:28:47.0605 4500  RDPWD - ok
10:28:47.0637 4500  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:28:47.0668 4500  rdyboost - ok
10:28:47.0683 4500  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:28:47.0715 4500  RemoteAccess - ok
10:28:47.0730 4500  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:28:47.0746 4500  RemoteRegistry - ok
10:28:47.0761 4500  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:28:47.0777 4500  RpcEptMapper - ok
10:28:47.0793 4500  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:28:47.0793 4500  RpcLocator - ok
10:28:47.0808 4500  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:28:47.0839 4500  RpcSs - ok
10:28:47.0855 4500  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:28:47.0871 4500  rspndr - ok
10:28:47.0886 4500  [ 2E7D1CA91D62501713C9D6E6704395C6 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
10:28:47.0902 4500  RTHDMIAzAudService - ok
10:28:47.0933 4500  [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
10:28:47.0949 4500  RTL8167 - ok
10:28:47.0964 4500  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:28:47.0964 4500  SamSs - ok
10:28:47.0980 4500  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:28:47.0980 4500  sbp2port - ok
10:28:47.0995 4500  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:28:48.0027 4500  SCardSvr - ok
10:28:48.0027 4500  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:28:48.0058 4500  scfilter - ok
10:28:48.0073 4500  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:28:48.0105 4500  Schedule - ok
10:28:48.0120 4500  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:28:48.0136 4500  SCPolicySvc - ok
10:28:48.0151 4500  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:28:48.0167 4500  SDRSVC - ok
10:28:48.0198 4500  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:28:48.0229 4500  secdrv - ok
10:28:48.0229 4500  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:28:48.0245 4500  seclogon - ok
10:28:48.0261 4500  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:28:48.0276 4500  SENS - ok
10:28:48.0292 4500  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:28:48.0307 4500  SensrSvc - ok
10:28:48.0323 4500  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
10:28:48.0339 4500  Serenum - ok
10:28:48.0354 4500  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
10:28:48.0354 4500  Serial - ok
10:28:48.0370 4500  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:28:48.0370 4500  sermouse - ok
10:28:48.0385 4500  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:28:48.0417 4500  SessionEnv - ok
10:28:48.0417 4500  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:28:48.0417 4500  sffdisk - ok
10:28:48.0432 4500  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:28:48.0432 4500  sffp_mmc - ok
10:28:48.0432 4500  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:28:48.0448 4500  sffp_sd - ok
10:28:48.0448 4500  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
10:28:48.0463 4500  sfloppy - ok
10:28:48.0479 4500  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:28:48.0510 4500  SharedAccess - ok
10:28:48.0526 4500  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:28:48.0541 4500  ShellHWDetection - ok
10:28:48.0557 4500  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:28:48.0557 4500  SiSRaid2 - ok
10:28:48.0573 4500  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:28:48.0573 4500  SiSRaid4 - ok
10:28:48.0604 4500  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:28:48.0619 4500  Smb - ok
10:28:48.0635 4500  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:28:48.0651 4500  SNMPTRAP - ok
10:28:48.0666 4500  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:28:48.0666 4500  spldr - ok
10:28:48.0682 4500  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:28:48.0697 4500  Spooler - ok
10:28:48.0697 4500  sppsvc - ok
10:28:48.0713 4500  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:28:48.0744 4500  sppuinotify - ok
10:28:48.0760 4500  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:28:48.0775 4500  srv - ok
10:28:48.0791 4500  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:28:48.0791 4500  srv2 - ok
10:28:48.0807 4500  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:28:48.0822 4500  srvnet - ok
10:28:48.0838 4500  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:28:48.0869 4500  SSDPSRV - ok
10:28:48.0885 4500  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:28:48.0900 4500  SstpSvc - ok
10:28:48.0931 4500  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:28:48.0931 4500  stexstor - ok
10:28:48.0963 4500  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:28:48.0978 4500  stisvc - ok
10:28:48.0994 4500  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:28:48.0994 4500  swenum - ok
10:28:49.0119 4500  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:28:49.0134 4500  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
10:28:49.0134 4500  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
10:28:49.0165 4500  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:28:49.0197 4500  swprv - ok
10:28:49.0228 4500  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:28:49.0259 4500  SysMain - ok
10:28:49.0259 4500  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:28:49.0275 4500  TabletInputService - ok
10:28:49.0290 4500  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:28:49.0306 4500  TapiSrv - ok
10:28:49.0321 4500  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:28:49.0353 4500  TBS - ok
10:28:49.0399 4500  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:28:49.0431 4500  Tcpip - ok
10:28:49.0462 4500  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:28:49.0493 4500  TCPIP6 - ok
10:28:49.0509 4500  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:28:49.0509 4500  tcpipreg - ok
10:28:49.0540 4500  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:28:49.0540 4500  TDPIPE - ok
10:28:49.0571 4500  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:28:49.0571 4500  TDTCP - ok
10:28:49.0602 4500  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:28:49.0618 4500  tdx - ok
10:28:49.0633 4500  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:28:49.0633 4500  TermDD - ok
10:28:49.0665 4500  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:28:49.0696 4500  TermService - ok
10:28:49.0696 4500  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:28:49.0711 4500  Themes - ok
10:28:49.0727 4500  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:28:49.0743 4500  THREADORDER - ok
10:28:49.0758 4500  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:28:49.0789 4500  TrkWks - ok
10:28:49.0821 4500  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:28:49.0867 4500  TrustedInstaller - ok
10:28:49.0867 4500  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:28:49.0899 4500  tssecsrv - ok
10:28:49.0930 4500  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:28:49.0930 4500  TsUsbFlt - ok
10:28:49.0977 4500  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
10:28:50.0008 4500  TsUsbGD - ok
10:28:50.0039 4500  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:28:50.0070 4500  tunnel - ok
10:28:50.0070 4500  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:28:50.0086 4500  uagp35 - ok
10:28:50.0101 4500  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:28:50.0117 4500  udfs - ok
10:28:50.0148 4500  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:28:50.0148 4500  UI0Detect - ok
10:28:50.0164 4500  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:28:50.0179 4500  uliagpkx - ok
10:28:50.0195 4500  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:28:50.0211 4500  umbus - ok
10:28:50.0211 4500  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
10:28:50.0211 4500  UmPass - ok
10:28:50.0226 4500  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:28:50.0257 4500  upnphost - ok
10:28:50.0273 4500  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:28:50.0289 4500  usbccgp - ok
10:28:50.0304 4500  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:28:50.0304 4500  usbcir - ok
10:28:50.0320 4500  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:28:50.0320 4500  usbehci - ok
10:28:50.0351 4500  [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
10:28:50.0382 4500  usbfilter - ok
10:28:50.0398 4500  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:28:50.0413 4500  usbhub - ok
10:28:50.0429 4500  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
10:28:50.0429 4500  usbohci - ok
10:28:50.0460 4500  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:28:50.0476 4500  usbprint - ok
10:28:50.0507 4500  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:28:50.0538 4500  usbscan - ok
10:28:50.0554 4500  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:28:50.0569 4500  USBSTOR - ok
10:28:50.0585 4500  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:28:50.0585 4500  usbuhci - ok
10:28:50.0616 4500  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:28:50.0632 4500  UxSms - ok
10:28:50.0632 4500  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:28:50.0647 4500  VaultSvc - ok
10:28:50.0647 4500  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:28:50.0663 4500  vdrvroot - ok
10:28:50.0679 4500  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:28:50.0710 4500  vds - ok
10:28:50.0710 4500  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:28:50.0725 4500  vga - ok
10:28:50.0725 4500  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:28:50.0757 4500  VgaSave - ok
10:28:50.0757 4500  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:28:50.0772 4500  vhdmp - ok
10:28:50.0772 4500  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:28:50.0788 4500  viaide - ok
10:28:50.0788 4500  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:28:50.0803 4500  volmgr - ok
10:28:50.0819 4500  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:28:50.0835 4500  volmgrx - ok
10:28:50.0835 4500  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:28:50.0850 4500  volsnap - ok
10:28:50.0866 4500  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
10:28:50.0881 4500  vsmraid - ok
10:28:50.0913 4500  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:28:50.0944 4500  VSS - ok
10:28:50.0959 4500  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
10:28:50.0959 4500  vwifibus - ok
10:28:50.0959 4500  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:28:50.0991 4500  W32Time - ok
10:28:51.0006 4500  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:28:51.0022 4500  WacomPen - ok
10:28:51.0037 4500  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:28:51.0069 4500  WANARP - ok
10:28:51.0069 4500  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:28:51.0084 4500  Wanarpv6 - ok
10:28:51.0131 4500  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:28:51.0147 4500  wbengine - ok
10:28:51.0147 4500  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:28:51.0162 4500  WbioSrvc - ok
10:28:51.0162 4500  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:28:51.0178 4500  wcncsvc - ok
10:28:51.0193 4500  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:28:51.0193 4500  WcsPlugInService - ok
10:28:51.0209 4500  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
10:28:51.0225 4500  Wd - ok
10:28:51.0287 4500  [ D634CFE93E0CD001499D0D6D68890C9E ] WDBackup        C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
10:28:51.0334 4500  WDBackup - ok
10:28:51.0349 4500  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
10:28:51.0365 4500  WDC_SAM - ok
10:28:51.0381 4500  [ B5B84712111414DD1B14C2346E9868BE ] WDDriveService  C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
10:28:51.0381 4500  WDDriveService - ok
10:28:51.0412 4500  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:28:51.0427 4500  Wdf01000 - ok
10:28:51.0427 4500  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:28:51.0443 4500  WdiServiceHost - ok
10:28:51.0443 4500  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:28:51.0459 4500  WdiSystemHost - ok
10:28:51.0490 4500  [ A578AE45097ACAD346C86C96F1C0D5A7 ] WDRulesService  C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
10:28:51.0505 4500  WDRulesService - ok
10:28:51.0521 4500  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:28:51.0537 4500  WebClient - ok
10:28:51.0552 4500  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:28:51.0568 4500  Wecsvc - ok
10:28:51.0583 4500  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:28:51.0615 4500  wercplsupport - ok
10:28:51.0630 4500  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:28:51.0646 4500  WerSvc - ok
10:28:51.0677 4500  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:28:51.0693 4500  WfpLwf - ok
10:28:51.0708 4500  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:28:51.0724 4500  WIMMount - ok
10:28:51.0739 4500  WinDefend - ok
10:28:51.0739 4500  WinHttpAutoProxySvc - ok
10:28:51.0786 4500  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:28:51.0849 4500  Winmgmt - ok
10:28:51.0880 4500  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
10:28:51.0911 4500  WinRM - ok
10:28:51.0958 4500  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:28:52.0020 4500  Wlansvc - ok
10:28:52.0036 4500  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
10:28:52.0036 4500  WmiAcpi - ok
10:28:52.0051 4500  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:28:52.0067 4500  wmiApSrv - ok
10:28:52.0083 4500  WMPNetworkSvc - ok
10:28:52.0083 4500  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:28:52.0098 4500  WPCSvc - ok
10:28:52.0114 4500  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:28:52.0114 4500  WPDBusEnum - ok
10:28:52.0129 4500  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:28:52.0145 4500  ws2ifsl - ok
10:28:52.0176 4500  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
10:28:52.0176 4500  wscsvc - ok
10:28:52.0176 4500  WSearch - ok
10:28:52.0240 4500  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:28:52.0271 4500  wuauserv - ok
10:28:52.0286 4500  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:28:52.0286 4500  WudfPf - ok
10:28:52.0318 4500  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:28:52.0318 4500  WUDFRd - ok
10:28:52.0333 4500  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:28:52.0349 4500  wudfsvc - ok
10:28:52.0364 4500  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:28:52.0380 4500  WwanSvc - ok
10:28:52.0396 4500  ================ Scan global ===============================
10:28:52.0427 4500  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:28:52.0458 4500  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:28:52.0458 4500  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:28:52.0489 4500  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:28:52.0520 4500  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:28:52.0520 4500  [Global] - ok
10:28:52.0520 4500  ================ Scan MBR ==================================
10:28:52.0536 4500  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:28:52.0786 4500  \Device\Harddisk0\DR0 - ok
10:28:52.0786 4500  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:28:52.0832 4500  \Device\Harddisk1\DR1 - ok
10:28:52.0832 4500  ================ Scan VBR ==================================
10:28:52.0832 4500  [ 78BBAC7D3B26FDE52F96864D5C199C70 ] \Device\Harddisk0\DR0\Partition1
10:28:52.0832 4500  \Device\Harddisk0\DR0\Partition1 - ok
10:28:52.0879 4500  [ DD33BDF17276E705C69E574D3C4E8E8A ] \Device\Harddisk0\DR0\Partition2
10:28:52.0879 4500  \Device\Harddisk0\DR0\Partition2 - ok
10:28:52.0879 4500  [ 32F0E07EB87F997ADEA21812D53CFF53 ] \Device\Harddisk1\DR1\Partition1
10:28:52.0879 4500  \Device\Harddisk1\DR1\Partition1 - ok
10:28:52.0879 4500  ============================================================
10:28:52.0879 4500  Scan finished
10:28:52.0879 4500  ============================================================
10:28:52.0895 4940  Detected object count: 1
10:28:52.0895 4940  Actual detected object count: 1
10:29:06.0685 4940  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
10:29:06.0685 4940  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:29:11.0053 4792  Deinitialize success
         

Old 01.03.2013, 11:28   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Old 01.03.2013, 11:57   #13
Lonovis
 

Hi,

I'm not too happy that it deleted this:

c:\programdata\1&1
c:\programdata\1&1\1&1 SmartFax\Settings.xml
c:\users\User\AppData\Roaming\1&1
c:\users\User\AppData\Roaming\1&1\1&1 SmartFax\FaxNumberHistory.xml
c:\users\User\AppData\Roaming\1&1\1&1 SmartFax\Settings.xml

That is a printer driver.

The Combofix log.
Code:
ATTFilter
ComboFix 13-02-26.01 - User 01.03.2013  11:49:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8189.6060 [GMT 1:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1&1
c:\programdata\1&1\1&1 SmartFax\Settings.xml
c:\users\User\AppData\Roaming\1&1
c:\users\User\AppData\Roaming\1&1\1&1 SmartFax\FaxNumberHistory.xml
c:\users\User\AppData\Roaming\1&1\1&1 SmartFax\Settings.xml
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-01 bis 2013-03-01  ))))))))))))))))))))))))))))))
.
.
2013-03-01 10:52 . 2013-03-01 10:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-28 15:17 . 2013-02-28 15:17	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-28 14:42 . 2013-02-28 14:42	--------	d-----w-	C:\_OTL
2013-02-28 14:12 . 2013-02-28 14:12	--------	d-----w-	c:\windows\Sun
2013-02-28 09:04 . 2013-02-28 09:04	--------	d-----w-	c:\windows\ERUNT
2013-02-28 09:04 . 2013-02-28 09:04	--------	d-----w-	C:\JRT
2013-02-28 06:31 . 2013-02-28 06:31	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-02-28 06:30 . 2013-02-28 06:30	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-28 06:30 . 2013-02-28 06:30	--------	d-----w-	c:\program files (x86)\Java
2013-02-27 11:37 . 2013-02-27 11:38	--------	d-----w-	c:\users\User\AppData\Roaming\GetRightToGo
2013-02-22 12:55 . 2013-02-22 12:55	--------	d-----w-	c:\users\User\AppData\Local\Apple Computer
2013-02-22 12:55 . 2013-02-22 12:55	--------	d-----w-	c:\users\User\AppData\Roaming\Apple Computer
2013-02-22 12:54 . 2013-02-22 12:54	--------	d-----w-	c:\program files (x86)\Safari
2013-02-22 12:54 . 2013-02-22 12:54	--------	d-----w-	c:\programdata\Apple Computer
2013-02-22 12:53 . 2013-02-22 12:53	--------	d-----w-	c:\users\User\AppData\Local\Apple
2013-02-22 12:53 . 2013-02-22 12:53	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-02-22 12:53 . 2013-02-22 12:53	--------	d-----w-	c:\programdata\Apple
2013-02-08 07:39 . 2013-02-08 07:39	--------	d-----w-	c:\programdata\ATI
2013-02-08 07:39 . 2013-02-08 07:39	--------	d-----w-	c:\program files (x86)\AMD AVT
2013-02-08 07:39 . 2013-02-08 07:39	--------	d-----w-	c:\program files (x86)\AMD APP
2013-02-06 15:03 . 2013-02-06 15:03	--------	d-----w-	c:\program files (x86)\7-Zip
2013-02-04 08:47 . 2006-09-30 09:36	13008	----a-w-	c:\windows\system32\drivers\pstrip64.sys
2013-02-04 08:47 . 2013-02-04 08:48	--------	d-----w-	c:\program files (x86)\PowerStrip
2013-02-01 12:01 . 2013-02-24 21:26	--------	d-----w-	c:\users\User\AppData\Roaming\FileZilla
2013-02-01 12:01 . 2013-02-01 12:01	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 06:30 . 2012-12-27 09:47	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-02-28 06:30 . 2012-12-27 09:47	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-27 08:06 . 2012-12-13 17:12	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 08:06 . 2012-12-13 17:12	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 21:20 . 2012-12-12 17:57	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-03 15:27 . 2013-01-03 15:29	10752	----a-w-	c:\windows\system32\E_GCINST.DLL
2013-01-03 15:27 . 2013-01-03 15:29	83968	----a-w-	c:\windows\system32\E_ID4BHRE.DLL
2013-01-03 15:27 . 2013-01-03 15:29	120320	----a-w-	c:\windows\system32\E_ILMHRE.DLL
2012-12-19 20:50 . 2012-12-19 20:50	5630200	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48 . 2012-12-19 20:48	11278336	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:29 . 2012-12-19 20:29	23461376	----a-w-	c:\windows\system32\atio6axx.dll
2012-12-19 20:22 . 2012-12-19 20:22	70144	----a-w-	c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-12-19 20:18 . 2012-12-19 20:18	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-12-19 20:17 . 2012-12-19 20:17	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17 . 2012-12-19 20:17	16082944	----a-w-	c:\windows\system32\aticaldd64.dll
2012-12-19 20:13 . 2012-12-19 20:13	13703168	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12	18982400	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09 . 2012-12-19 20:09	960512	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08 . 2012-06-11 17:23	1151488	----a-w-	c:\windows\system32\aticfx64.dll
2012-12-19 20:06 . 2012-12-19 20:06	6681088	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59 . 2012-12-19 19:59	5087744	----a-w-	c:\windows\system32\atiumd6a.dll
2012-12-19 19:57 . 2012-12-19 19:57	442368	----a-w-	c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56	550912	----a-w-	c:\windows\system32\atieclxx.exe
2012-12-19 19:56 . 2012-12-19 19:56	240640	----a-w-	c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-12-19 19:54 . 2012-12-19 19:54	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-12-19 19:54 . 2012-12-19 19:54	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49 . 2012-06-11 17:01	7370752	----a-w-	c:\windows\system32\atidxx64.dll
2012-12-19 19:44 . 2012-12-19 19:44	4162048	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44 . 2012-12-19 19:44	6786560	----a-w-	c:\windows\system32\atiumd64.dll
2012-12-19 19:33 . 2012-12-19 19:33	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-12-19 19:33 . 2012-12-19 19:33	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-12-19 19:33 . 2012-12-19 19:33	619008	----a-w-	c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33	421888	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33 . 2012-12-19 19:33	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-12-19 19:33 . 2012-12-19 19:33	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-12-19 19:33 . 2012-12-19 19:33	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32	552960	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2012-06-11 16:25	130048	----a-w-	c:\windows\system32\atiuxp64.dll
2012-12-19 19:31 . 2012-12-19 19:31	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31 . 2012-12-19 19:31	104448	----a-w-	c:\windows\system32\atiu9p64.dll
2012-12-19 19:30 . 2012-12-19 19:30	83968	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-12-19 14:45 . 2012-12-19 14:45	222720	----a-w-	c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44	76288	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-12-19 14:44 . 2012-12-19 14:44	65536	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44	64000	----a-w-	c:\windows\system32\OVDecode64.dll
2012-12-19 14:44 . 2012-12-19 14:44	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-12-19 14:44 . 2012-12-19 14:44	34518016	----a-w-	c:\windows\system32\amdocl64.dll
2012-12-19 14:38 . 2012-12-19 14:38	28732928	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-12-19 14:34 . 2012-12-19 14:34	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-12-16 17:11 . 2012-12-22 02:00	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 02:00	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:00	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:00	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-12 17:51 . 2012-12-12 17:51	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-12-12 17:51 . 2012-12-12 17:51	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-12-12 17:51 . 2012-12-12 17:51	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-12-12 17:51 . 2012-12-12 17:51	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-12-12 17:51 . 2012-12-12 17:51	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-12-12 17:51 . 2012-12-12 17:51	82432	----a-w-	c:\windows\system32\icardie.dll
2012-12-12 17:51 . 2012-12-12 17:51	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-12 17:51 . 2012-12-12 17:51	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-12-12 17:51 . 2012-12-12 17:51	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-12 17:51 . 2012-12-12 17:51	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-12-12 17:51 . 2012-12-12 17:51	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-12-12 17:51 . 2012-12-12 17:51	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-12-12 17:51 . 2012-12-12 17:51	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-12-12 17:51 . 2012-12-12 17:51	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-12-12 17:51 . 2012-12-12 17:51	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-12-12 17:51 . 2012-12-12 17:51	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-12-12 17:51 . 2012-12-12 17:51	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-12-12 17:51 . 2012-12-12 17:51	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-12-12 17:51 . 2012-12-12 17:51	448512	----a-w-	c:\windows\system32\html.iec
2012-12-12 17:51 . 2012-12-12 17:51	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-12-12 17:51 . 2012-12-12 17:51	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-12-12 17:51 . 2012-12-12 17:51	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-12-12 17:51 . 2012-12-12 17:51	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-12-12 17:51 . 2012-12-12 17:51	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-12-12 17:51 . 2012-12-12 17:51	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-12-12 17:51 . 2012-12-12 17:51	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-12-12 17:51 . 2012-12-12 17:51	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-12-12 17:51 . 2012-12-12 17:51	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-12-12 17:51 . 2012-12-12 17:51	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-12-12 17:51 . 2012-12-12 17:51	222208	----a-w-	c:\windows\system32\msls31.dll
2012-12-12 17:51 . 2012-12-12 17:51	197120	----a-w-	c:\windows\system32\msrating.dll
2012-12-12 17:51 . 2012-12-12 17:51	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-12-12 17:51 . 2012-12-12 17:51	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-12-12 17:51 . 2012-12-12 17:51	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-12-12 17:51 . 2012-12-12 17:51	160256	----a-w-	c:\windows\system32\wextract.exe
2012-12-12 17:51 . 2012-12-12 17:51	160256	----a-w-	c:\windows\system32\ieakeng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloudSync"="c:\program files\Adobe\Adobe Creative Cloud Connection (64 Bit)\Creative Cloud Connection.exe" [2012-11-13 5515440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-06-14 5235128]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-06-13 1688008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
PowerStrip.lnk - c:\program files (x86)\PowerStrip\PStrip.exe [2011-4-27 742944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 PStrip64;PStrip64;c:\windows\system32\drivers\pstrip64.sys [2006-09-30 13008]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-06-14 1151424]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-09-06 248248]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-06-14 1177536]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2012-06-14 14464]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 40728475
*NewlyCreated* - 78996167
*NewlyCreated* - ASWMBR
*Deregistered* - 40728475
*Deregistered* - 78996167
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-23 10:39	1629648	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 08:06]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02 19:24]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-02 19:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2012-11-13 10:32	4004528	----a-w-	c:\program files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2012-11-13 10:32	4004528	----a-w-	c:\program files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2012-11-13 10:32	4004528	----a-w-	c:\program files\Adobe\Adobe Creative Cloud Connection (64 Bit)\CloudSyncExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\idyrcqcy.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-08 13:44; ich@maltegoetz.de; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\idyrcqcy.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2013-01-22 14:33; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-01  11:53:52
ComboFix-quarantined-files.txt  2013-03-01 10:53
.
Vor Suchlauf: 11 Verzeichnis(se), 755.132.276.736 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 754.904.158.208 Bytes frei
.
- - End Of File - - B12356E04B54F16062FF20EFA2959363
         

Alt 01.03.2013, 15:18   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



ComboFix script
WARNING for READERS FOLLOWING ALONG:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the entire text from the following code box into the empty text document.
    Code:
    DeQuarantine::
    C:\Qoobox\Quarantine\C\programdata\1&1
    C:\Qoobox\Quarantine\C\users\User\AppData\Roaming\1&1
    Quit::
             
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software. It can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as in this picture:
  • Do not do anything on the computer, do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished, it will create a log: C:\ComboFix.txt
    Please post it here as a reply (in CODE tags using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to let me know whether the upload worked!

__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 02.03.2013, 16:59   #15
Lonovis
 



Hi cosinus,

it took a while; there is, after all, a life outside the computer.

After I ran ComboFix, my computer no longer recognized the network. But I was able to get it going again myself.

Unfortunately I did not save the ComboFix.txt, so I cannot post it. But I also don't want to run it again. The 1&1 driver is back, though.

Thanks.

Lonovis
