
Pests of all kinds and how to fight them: TR/Matsnu.A.85 TR/PSW.Zbot.1970

Windows 7

09.03.2013, 19:50   #1
Karre

TR/Matsnu.A.85 TR/PSW.Zbot.1970



Good evening.

Unfortunately I know very little about computers, and luckily I found out about this forum today.
For several days my Avira has been showing me security warnings again and again, and so far I have clicked "remove" each time. However, the warnings do not stop. At the moment it reports 2 security problems, "TR/Matsnu.A.85" and "TR/PSW.Zbot.1970". In addition, all programs keep crashing.
Is my problem a virus?
I have now downloaded Defogger and OTL; here is the OTL data:

Quote:
OTL logfile created on: 09.03.2013 19:28:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\defogger
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 69,95% Memory free
7,73 Gb Paging File | 6,29 Gb Available in Paging File | 81,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,97 Gb Total Space | 397,84 Gb Free Space | 87,83% Space Free | Partition Type: NTFS
Drive E: | 1,96 Gb Total Space | 1,86 Gb Free Space | 94,76% Space Free | Partition Type: FAT

Computer Name: KARRE-PC | User Name: Karre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.09 19:22:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\defogger\OTL.exe
PRC - [2013.03.09 10:17:13 | 000,097,792 | ---- | M] (Exiland Software) -- C:\Users\Karre\AppData\Roaming\KB00845595.exe
PRC - [2013.03.08 11:54:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.08 11:53:35 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.08 11:53:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.13 19:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.02.13 19:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.04 14:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
PRC - [2012.01.26 13:53:59 | 000,241,492 | ---- | M] () -- C:\Users\Karre\AppData\Roaming\Iczuwy\isob.exe
PRC - [2010.08.11 02:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.11 02:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.07.15 16:05:48 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2010.06.28 23:23:24 | 000,263,936 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010.06.10 03:54:04 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.08 12:17:39 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.03.08 12:15:47 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.02.26 10:58:19 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.02.26 10:58:05 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.02.26 10:57:57 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.02.26 10:57:56 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.02.26 10:57:50 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.02.26 10:57:50 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.02.26 10:57:45 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.02.26 10:57:39 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2012.01.26 13:53:59 | 000,241,492 | ---- | M] () -- C:\Users\Karre\AppData\Roaming\Iczuwy\isob.exe
MOD - [2010.06.28 23:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2010.06.10 03:54:04 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 23:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010.01.22 18:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.08 11:54:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.08 11:53:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2010.11.11 06:56:54 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.04.04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.09.20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.03.08 11:54:18 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.08 11:54:18 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.08 11:54:18 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.06.10 21:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.06.08 04:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010.05.12 03:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.22 18:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.22 17:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.09.30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{A274D0D4-A1C7-454A-AEF1-9352095BFCE3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=EACA685B-237A-4173-AFA4-36B9AA892EC9&apn_sauid=A9EDEF40-7D81-4281-B212-3B5C59253A60
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=EACA685B-237A-4173-AFA4-36B9AA892EC9&apn_ptnrs=&apn_sauid=A9EDEF40-7D81-4281-B212-3B5C59253A60&apn_dtid=OSJ000&&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.08 18:23:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 11:14:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.08 18:23:23 | 000,000,000 | ---D | M]

[2011.01.08 17:46:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karre\AppData\Roaming\mozilla\Extensions
[2013.01.19 10:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karre\AppData\Roaming\mozilla\Firefox\Profiles\sy8aeltw.default\extensions
[2011.06.05 20:08:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Karre\AppData\Roaming\mozilla\Firefox\Profiles\sy8aeltw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.07.17 10:01:08 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Karre\AppData\Roaming\mozilla\Firefox\Profiles\sy8aeltw.default\extensions\toolbar@ask.com
[2013.01.19 10:32:15 | 000,492,222 | ---- | M] () (No name found) -- C:\Users\Karre\AppData\Roaming\mozilla\firefox\profiles\sy8aeltw.default\extensions\toolbar@gmx.net.xpi
[2012.06.02 15:57:57 | 000,000,933 | ---- | M] () -- C:\Users\Karre\AppData\Roaming\mozilla\firefox\profiles\sy8aeltw.default\searchplugins\11-suche.xml
[2012.07.17 10:01:08 | 000,002,299 | ---- | M] () -- C:\Users\Karre\AppData\Roaming\mozilla\firefox\profiles\sy8aeltw.default\searchplugins\askcom.xml
[2012.06.02 15:57:58 | 000,002,419 | ---- | M] () -- C:\Users\Karre\AppData\Roaming\mozilla\firefox\profiles\sy8aeltw.default\searchplugins\englische-ergebnisse.xml
[2012.06.02 15:57:57 | 000,010,525 | ---- | M] () -- C:\Users\Karre\AppData\Roaming\mozilla\firefox\profiles\sy8aeltw.default\searchplugins\gmx-suche.xml
[2012.06.02 15:57:58 | 000,002,457 | ---- | M] () -- C:\Users\Karre\AppData\Roaming\mozilla\firefox\profiles\sy8aeltw.default\searchplugins\lastminute.xml
[2013.03.09 11:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [Iduqirvi] C:\Users\Karre\AppData\Roaming\Hiamib\zufa.exe File not found
O4 - HKCU..\Run: [KB00845595.exe] C:\Users\Karre\AppData\Roaming\KB00845595.exe (Exiland Software)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [logonqu] C:\Users\Karre\AppData\Roaming\logonqu.exe ()
O4 - HKCU..\Run: [mxexclme] C:\Users\Karre\AppData\Local\Temp\Plnqrurx\npcipclme.exe ()
O4 - HKCU..\Run: [Pouka] C:\Users\Karre\AppData\Roaming\Iczuwy\isob.exe ()
O4 - HKCU..\Run: [winva] "C:\Users\Karre\AppData\Roaming\winva.exe" -autorun File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0174DE3D-ABB3-4E46-964D-0A27755B40E5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.09 11:22:07 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.09 11:21:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.09 11:21:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.09 11:21:56 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.09 11:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.09 10:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.09 10:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.08 12:40:24 | 000,097,792 | ---- | C] (Exiland Software) -- C:\Users\Karre\AppData\Roaming\KB00845595.exe
[2013.03.08 12:40:24 | 000,000,000 | -H-D | C] -- C:\Users\Karre\AppData\Roaming\9D65552A
[2013.03.08 12:20:03 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Iczuwy
[2013.03.08 12:20:03 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Feulat
[2013.03.08 12:20:03 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Duray
[2013.03.08 12:07:26 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Avira
[2013.03.08 12:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.08 12:01:41 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.08 12:01:41 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.08 12:01:41 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.08 12:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.08 12:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.03.08 10:07:52 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Ysoh
[2013.03.08 10:07:52 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Vyacbo
[2013.03.08 10:07:51 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Ubha
[2013.03.07 10:17:58 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Woxu
[2013.03.07 10:17:58 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Unsy
[2013.03.07 10:17:58 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Exfe
[2013.03.07 10:06:12 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Veyr
[2013.03.07 10:06:12 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Lyfy
[2013.03.07 10:06:12 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Lavih
[2013.03.06 09:51:01 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Inbumu
[2013.03.06 09:51:01 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Igycva
[2013.03.06 09:51:01 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Eqfe
[2013.02.26 11:08:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.02.26 11:08:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.02.26 11:08:22 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Local\Samsung
[2013.02.26 11:08:21 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Samsung
[2013.02.26 11:08:17 | 000,000,000 | ---D | C] -- C:\Users\Karre\Documents\samsung
[2013.02.26 11:00:31 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013.02.26 11:00:20 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013.02.26 10:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.02.26 10:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.02.26 10:51:15 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Local\Downloaded Installations
[2013.02.26 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Hiamib
[2013.02.26 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Hapun
[2013.02.26 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\Karre\AppData\Roaming\Cesi
[2013.02.25 19:13:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.02.14 11:13:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 11:13:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 11:13:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 11:13:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 11:13:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 11:13:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 11:13:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 11:13:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 11:13:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 11:13:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 11:13:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 11:13:12 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 11:13:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 11:13:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 11:13:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.14 10:33:47 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 10:33:44 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.14 10:33:43 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.14 10:33:38 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.14 10:33:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.14 10:33:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.14 10:33:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.14 10:33:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.14 10:33:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 10:33:34 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

========== Files - Modified Within 30 Days ==========

[2013.03.09 19:27:47 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.09 19:27:47 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.09 19:27:47 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.09 19:27:47 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.09 19:27:47 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.09 19:27:26 | 000,000,000 | ---- | M] () -- C:\Users\Karre\defogger_reenable
[2013.03.09 19:25:16 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 19:25:16 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 19:17:37 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.09 19:17:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.09 19:17:10 | 3111,514,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.09 11:21:42 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.09 11:21:40 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.09 11:21:40 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.09 11:21:40 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.09 11:21:40 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.09 11:21:40 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.09 11:14:49 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.09 10:41:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.09 10:17:13 | 000,097,792 | ---- | M] (Exiland Software) -- C:\Users\Karre\AppData\Roaming\KB00845595.exe
[2013.03.08 12:01:56 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.08 11:54:18 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.08 11:54:18 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.08 11:54:18 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.05 10:44:48 | 000,002,195 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.24 11:05:42 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.24 11:05:42 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.15 15:47:36 | 000,367,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.10 10:11:14 | 000,002,058 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

========== Files Created - No Company Name ==========

[2013.03.09 19:27:26 | 000,000,000 | ---- | C] () -- C:\Users\Karre\defogger_reenable
[2013.03.09 10:57:08 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.09 10:57:08 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.08 12:01:56 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.14 10:56:01 | 000,000,000 | ---- | C] () -- C:\Users\Karre\AppData\Local\{AC5F19E7-7C65-421B-BF8F-7871B408C58C}
[1601.01.01 01:00:00 | 000,248,832 | ---- | C] () -- C:\Users\Karre\AppData\Roaming\logonqu.exe

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Thank you very much for your help!
Karre

Alt 09.03.2013, 20:53   #2
ryder
/// TB-Ausbilder
 



Reading material:
Banking trojans
If you use this computer for online banking, for example, then you should at least have your bank change your password, provided you otherwise use a secure procedure such as "chip-TAN-comfort". Do you still have old paper-based TAN sheets? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.




I will help you with your problem. A cleanup can involve a lot of work for you (and me). Before we get started, I have some reading material for you.

Please read:
Rules for the cleanup
For the cleanup to work, I ask you to read the following points carefully:
  • Please work through all steps in order. Please give me feedback on every step (log file or answer), collected in a single reply once you have completed everything.
  • Only run scans that you are asked to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread (if possible in code tags: click the # symbol in the editor). Do not attach or zip them unless I ask you to or the log file would be too large. Doing so makes the analysis harder for me.
  • Only obscure your name if it is absolutely necessary.
  • At the first sign of illegally used software (cracks, patches and the like), support will be discontinued without discussion.
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • I will tell you very clearly when you are "clean". Until then, please cooperate well.
  • Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.


Read and understood?


Step 1: (Reminder: only reply to me once you have worked through all the steps!)

Disabling drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and start it:
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully ... Continue?"; confirm this with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may prompt you to restart. Confirm this with OK.
Please post the defogger_disable.txt from your desktop.
Do not click the Re-enable button without instruction.
Step 2:
Scan with aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction.

Note: If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

Step 3:
Scan with TDSSKiller

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Click Change parameters, tick Detect TDLFS file system and confirm with OK.
  • Press Start Scan
  • Warning:
    If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread (please be sure to use CODE tags via the # symbol in the editor).

Step 4:
Scan with DDS+ (with attach)
Please download DDS (by sUBs) and save the file to your desktop.

dds.com
  • Close all running programs and start DDS with a double-click.
  • The desktop will disappear; this is normal.
  • Set the following:

    [X] dds.txt
    [X] attach.txt
    [ ] options for dds.txt

  • Do not change any setting without instruction.
  • Click Start.
  • 2 log files will be created on your desktop.
    • dds.txt
    • attach.txt
  • Post both log files here, in CODE tags if possible.

Alt 09.03.2013, 21:30   #3
Karre
 



Hello Ryder!
Thank you very much for helping me.

Here from aswMBR:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-09 21:16:50
-----------------------------
21:16:50.849    OS Version: Windows x64 6.1.7601 Service Pack 1
21:16:50.849    Number of processors: 4 586 0x2505
21:16:50.849    ComputerName: KARRE-PC  UserName: Karre
21:16:52.487    Initialize success
21:17:09.507    AVAST engine download error: 0
21:18:11.673    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:18:11.673    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:18:11.689    Disk 0 MBR read successfully
21:18:11.704    Disk 0 MBR scan
21:18:11.704    Disk 0 Windows VISTA default MBR code
21:18:11.720    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13000 MB offset 2048
21:18:11.735    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 26626048
21:18:11.751    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       463838 MB offset 26830848
21:18:11.767    Disk 0 scanning C:\Windows\system32\drivers
21:18:23.326    Service scanning
21:19:06.694    Modules scanning
21:19:06.694    Disk 0 trace - called modules:
21:19:06.726    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
21:19:06.741    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c02060]
21:19:06.741    3 CLASSPNP.SYS[fffff880019cd43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004908050]
21:19:06.741    Scan finished successfully
21:19:53.440    Disk 0 MBR has been saved successfully to "E:\defogger\MBR.dat"
21:19:53.658    The log file has been saved successfully to "E:\defogger\aswMBR.txt"
         
Here from TDSS:

Code:
21:20:46.0070 4068  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:20:48.0082 4068  ============================================================
21:20:48.0082 4068  Current date / time: 2013/03/09 21:20:48.0082
21:20:48.0082 4068  SystemInfo:
21:20:48.0082 4068  
21:20:48.0082 4068  OS Version: 6.1.7601 ServicePack: 1.0
21:20:48.0082 4068  Product type: Workstation
21:20:48.0082 4068  ComputerName: KARRE-PC
21:20:48.0082 4068  UserName: Karre
21:20:48.0082 4068  Windows directory: C:\Windows
21:20:48.0082 4068  System windows directory: C:\Windows
21:20:48.0082 4068  Running under WOW64
21:20:48.0082 4068  Processor architecture: Intel x64
21:20:48.0082 4068  Number of processors: 4
21:20:48.0082 4068  Page size: 0x1000
21:20:48.0082 4068  Boot type: Normal boot
21:20:48.0082 4068  ============================================================
21:20:48.0769 4068  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:20:48.0784 4068  Drive \Device\Harddisk1\DR1 - Size: 0x7D680000 (1.96 Gb), SectorSize: 0x200, Cylinders: 0xFF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:20:48.0784 4068  ============================================================
21:20:48.0784 4068  \Device\Harddisk0\DR0:
21:20:48.0784 4068  MBR partitions:
21:20:48.0784 4068  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
21:20:48.0784 4068  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
21:20:48.0784 4068  \Device\Harddisk1\DR1:
21:20:48.0784 4068  MBR partitions:
21:20:48.0784 4068  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3EB3E0
21:20:48.0784 4068  ============================================================
21:20:48.0815 4068  C: <-> \Device\Harddisk0\DR0\Partition2
21:20:48.0815 4068  ============================================================
21:20:48.0815 4068  Initialize success
21:20:48.0815 4068  ============================================================
21:21:08.0019 3440  ============================================================
21:21:08.0019 3440  Scan started
21:21:08.0019 3440  Mode: Manual; TDLFS; 
21:21:08.0019 3440  ============================================================
21:21:08.0159 3440  ================ Scan system memory ========================
21:21:08.0159 3440  System memory - ok
21:21:08.0159 3440  ================ Scan services =============================
21:21:08.0315 3440  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:21:08.0315 3440  1394ohci - ok
21:21:08.0362 3440  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:21:08.0378 3440  ACPI - ok
21:21:08.0425 3440  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:21:08.0425 3440  AcpiPmi - ok
21:21:08.0518 3440  [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
21:21:08.0534 3440  AdobeActiveFileMonitor8.0 - ok
21:21:08.0705 3440  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:21:08.0705 3440  AdobeARMservice - ok
21:21:08.0768 3440  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:21:08.0768 3440  adp94xx - ok
21:21:08.0815 3440  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:21:08.0815 3440  adpahci - ok
21:21:08.0830 3440  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:21:08.0830 3440  adpu320 - ok
21:21:08.0861 3440  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:21:08.0877 3440  AeLookupSvc - ok
21:21:08.0924 3440  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:21:08.0924 3440  AFD - ok
21:21:08.0955 3440  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:21:08.0955 3440  agp440 - ok
21:21:09.0002 3440  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:21:09.0017 3440  ALG - ok
21:21:09.0064 3440  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:21:09.0064 3440  aliide - ok
21:21:09.0111 3440  [ 3D90CF67DB75823A8480E56BBCD2E028 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:21:09.0111 3440  AMD External Events Utility - ok
21:21:09.0158 3440  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:21:09.0158 3440  amdide - ok
21:21:09.0189 3440  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:21:09.0189 3440  AmdK8 - ok
21:21:09.0361 3440  [ 52679612D742BF74CA1BA6AB86DDF431 ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
21:21:09.0485 3440  amdkmdag - ok
21:21:09.0548 3440  [ 414E0788920A8C856032BE2CBF29F984 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:21:09.0548 3440  amdkmdap - ok
21:21:09.0595 3440  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:21:09.0595 3440  AmdPPM - ok
21:21:09.0641 3440  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:21:09.0641 3440  amdsata - ok
21:21:09.0673 3440  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:21:09.0673 3440  amdsbs - ok
21:21:09.0688 3440  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:21:09.0688 3440  amdxata - ok
21:21:09.0751 3440  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
21:21:09.0751 3440  AmUStor - ok
21:21:09.0844 3440  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:21:09.0844 3440  AntiVirSchedulerService - ok
21:21:09.0891 3440  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:21:09.0891 3440  AntiVirService - ok
21:21:09.0938 3440  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:21:09.0938 3440  AppID - ok
21:21:09.0985 3440  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:21:09.0985 3440  AppIDSvc - ok
21:21:10.0031 3440  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:21:10.0047 3440  Appinfo - ok
21:21:10.0094 3440  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:21:10.0094 3440  arc - ok
21:21:10.0109 3440  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:21:10.0109 3440  arcsas - ok
21:21:10.0141 3440  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:21:10.0141 3440  AsyncMac - ok
21:21:10.0172 3440  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:21:10.0172 3440  atapi - ok
21:21:10.0281 3440  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:21:10.0297 3440  athr - ok
21:21:10.0359 3440  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
21:21:10.0359 3440  AtiHdmiService - ok
21:21:10.0406 3440  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:21:10.0453 3440  AudioEndpointBuilder - ok
21:21:10.0468 3440  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:21:10.0468 3440  AudioSrv - ok
21:21:10.0531 3440  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:21:10.0531 3440  avgntflt - ok
21:21:10.0562 3440  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:21:10.0562 3440  avipbb - ok
21:21:10.0593 3440  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:21:10.0593 3440  avkmgr - ok
21:21:10.0655 3440  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:21:10.0671 3440  AxInstSV - ok
21:21:10.0718 3440  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:21:10.0718 3440  b06bdrv - ok
21:21:10.0765 3440  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:21:10.0780 3440  b57nd60a - ok
21:21:10.0889 3440  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
21:21:10.0889 3440  BBSvc - ok
21:21:10.0936 3440  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
21:21:10.0952 3440  BBUpdate - ok
21:21:11.0030 3440  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
21:21:11.0061 3440  BCM43XX - ok
21:21:11.0139 3440  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:21:11.0155 3440  BDESVC - ok
21:21:11.0170 3440  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:21:11.0170 3440  Beep - ok
21:21:11.0264 3440  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:21:11.0311 3440  BFE - ok
21:21:11.0373 3440  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:21:11.0435 3440  BITS - ok
21:21:11.0467 3440  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:21:11.0467 3440  blbdrive - ok
21:21:11.0513 3440  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:21:11.0529 3440  bowser - ok
21:21:11.0560 3440  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:21:11.0560 3440  BrFiltLo - ok
21:21:11.0560 3440  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:21:11.0560 3440  BrFiltUp - ok
21:21:11.0607 3440  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:21:11.0607 3440  Browser - ok
21:21:11.0638 3440  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:21:11.0638 3440  Brserid - ok
21:21:11.0638 3440  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:21:11.0638 3440  BrSerWdm - ok
21:21:11.0654 3440  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:21:11.0654 3440  BrUsbMdm - ok
21:21:11.0654 3440  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:21:11.0654 3440  BrUsbSer - ok
21:21:11.0669 3440  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:21:11.0669 3440  BTHMODEM - ok
21:21:11.0716 3440  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:21:11.0716 3440  bthserv - ok
21:21:11.0732 3440  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:21:11.0747 3440  cdfs - ok
21:21:11.0794 3440  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
21:21:11.0794 3440  cdrom - ok
21:21:11.0857 3440  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:21:11.0872 3440  CertPropSvc - ok
21:21:11.0903 3440  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:21:11.0903 3440  circlass - ok
21:21:11.0950 3440  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:21:11.0950 3440  CLFS - ok
21:21:12.0059 3440  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:21:12.0075 3440  clr_optimization_v2.0.50727_32 - ok
21:21:12.0122 3440  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:21:12.0137 3440  clr_optimization_v2.0.50727_64 - ok
21:21:12.0262 3440  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:21:12.0325 3440  clr_optimization_v4.0.30319_32 - ok
21:21:12.0356 3440  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:21:12.0356 3440  clr_optimization_v4.0.30319_64 - ok
21:21:12.0387 3440  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:21:12.0387 3440  CmBatt - ok
21:21:12.0418 3440  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:21:12.0418 3440  cmdide - ok
21:21:12.0465 3440  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:21:12.0481 3440  CNG - ok
21:21:12.0527 3440  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:21:12.0527 3440  Compbatt - ok
21:21:12.0559 3440  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:21:12.0559 3440  CompositeBus - ok
21:21:12.0574 3440  COMSysApp - ok
21:21:12.0605 3440  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:21:12.0605 3440  crcdisk - ok
21:21:12.0652 3440  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:21:12.0652 3440  CryptSvc - ok
21:21:12.0699 3440  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:21:12.0699 3440  DcomLaunch - ok
21:21:12.0761 3440  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:21:12.0793 3440  defragsvc - ok
21:21:12.0824 3440  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:21:12.0824 3440  DfsC - ok
21:21:12.0886 3440  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:21:12.0886 3440  Dhcp - ok
21:21:12.0917 3440  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:21:12.0917 3440  discache - ok
21:21:12.0933 3440  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:21:12.0949 3440  Disk - ok
21:21:12.0995 3440  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:21:13.0011 3440  Dnscache - ok
21:21:13.0073 3440  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:21:13.0073 3440  dot3svc - ok
21:21:13.0136 3440  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:21:13.0136 3440  Dot4 - ok
21:21:13.0198 3440  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
21:21:13.0198 3440  Dot4Print - ok
21:21:13.0229 3440  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:21:13.0229 3440  dot4usb - ok
21:21:13.0276 3440  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:21:13.0276 3440  DPS - ok
21:21:13.0323 3440  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:21:13.0323 3440  drmkaud - ok
21:21:13.0385 3440  [ 9CF46FDF163E06B83D03FF929EF2296C ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
21:21:13.0385 3440  DsiWMIService - ok
21:21:13.0448 3440  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:21:13.0463 3440  DXGKrnl - ok
21:21:13.0510 3440  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:21:13.0510 3440  EapHost - ok
21:21:13.0651 3440  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:21:13.0744 3440  ebdrv - ok
21:21:13.0775 3440  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:21:13.0775 3440  EFS - ok
21:21:13.0853 3440  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:21:13.0900 3440  ehRecvr - ok
21:21:13.0931 3440  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:21:13.0931 3440  ehSched - ok
21:21:13.0994 3440  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:21:13.0994 3440  elxstor - ok
21:21:14.0165 3440  [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc       C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
21:21:14.0181 3440  ePowerSvc - ok
21:21:14.0197 3440  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:21:14.0197 3440  ErrDev - ok
21:21:14.0259 3440  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:21:14.0290 3440  EventSystem - ok
21:21:14.0306 3440  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:21:14.0306 3440  exfat - ok
21:21:14.0337 3440  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:21:14.0337 3440  fastfat - ok
21:21:14.0399 3440  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:21:14.0431 3440  Fax - ok
21:21:14.0446 3440  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:21:14.0446 3440  fdc - ok
21:21:14.0493 3440  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:21:14.0493 3440  fdPHost - ok
21:21:14.0509 3440  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:21:14.0524 3440  FDResPub - ok
21:21:14.0540 3440  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:21:14.0540 3440  FileInfo - ok
21:21:14.0555 3440  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:21:14.0555 3440  Filetrace - ok
21:21:14.0696 3440  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:21:14.0743 3440  FLEXnet Licensing Service - ok
21:21:14.0758 3440  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:21:14.0758 3440  flpydisk - ok
21:21:14.0805 3440  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:21:14.0805 3440  FltMgr - ok
21:21:14.0867 3440  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
21:21:14.0899 3440  FontCache - ok
21:21:15.0039 3440  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:21:15.0055 3440  FontCache3.0.0.0 - ok
21:21:15.0117 3440  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:21:15.0117 3440  FsDepends - ok
21:21:15.0148 3440  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:21:15.0148 3440  Fs_Rec - ok
21:21:15.0195 3440  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:21:15.0195 3440  fvevol - ok
21:21:15.0226 3440  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:21:15.0226 3440  gagp30kx - ok
21:21:15.0320 3440  [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
21:21:15.0367 3440  GameConsoleService - ok
21:21:15.0429 3440  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:21:15.0476 3440  gpsvc - ok
21:21:15.0538 3440  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
21:21:15.0538 3440  GREGService - ok
21:21:15.0647 3440  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:21:15.0647 3440  gupdate - ok
21:21:15.0741 3440  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:21:15.0741 3440  gupdatem - ok
21:21:15.0772 3440  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:21:15.0772 3440  hcw85cir - ok
21:21:15.0850 3440  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:21:15.0850 3440  HdAudAddService - ok
21:21:15.0881 3440  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:21:15.0881 3440  HDAudBus - ok
21:21:15.0913 3440  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
21:21:15.0913 3440  HECIx64 - ok
21:21:15.0944 3440  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:21:15.0959 3440  HidBatt - ok
21:21:15.0959 3440  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:21:15.0959 3440  HidBth - ok
21:21:15.0975 3440  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:21:15.0975 3440  HidIr - ok
21:21:16.0006 3440  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:21:16.0006 3440  hidserv - ok
21:21:16.0053 3440  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
21:21:16.0053 3440  HidUsb - ok
21:21:16.0100 3440  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:21:16.0100 3440  hkmsvc - ok
21:21:16.0162 3440  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:21:16.0178 3440  HomeGroupListener - ok
21:21:16.0225 3440  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:21:16.0240 3440  HomeGroupProvider - ok
21:21:16.0396 3440  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:21:16.0396 3440  hpqcxs08 - ok
21:21:16.0474 3440  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:21:16.0474 3440  hpqddsvc - ok
21:21:16.0537 3440  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:21:16.0537 3440  HpSAMD - ok
21:21:16.0646 3440  [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:21:16.0677 3440  HPSLPSVC - ok
21:21:16.0724 3440  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:21:16.0739 3440  HTTP - ok
21:21:16.0786 3440  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:21:16.0786 3440  hwpolicy - ok
21:21:16.0833 3440  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:21:16.0833 3440  i8042prt - ok
21:21:16.0880 3440  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:21:16.0880 3440  iaStor - ok
21:21:16.0927 3440  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:21:16.0942 3440  iaStorV - ok
21:21:17.0129 3440  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:21:17.0176 3440  idsvc - ok
21:21:17.0426 3440  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:21:17.0566 3440  igfx - ok
21:21:17.0597 3440  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:21:17.0597 3440  iirsp - ok
21:21:17.0769 3440  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:21:17.0800 3440  IKEEXT - ok
21:21:17.0987 3440  [ E8017F1662D9142F45CEAB694D013C00 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:21:18.0003 3440  IntcAzAudAddService - ok
21:21:18.0019 3440  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:21:18.0019 3440  intelide - ok
21:21:18.0065 3440  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:21:18.0065 3440  intelppm - ok
21:21:18.0112 3440  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:21:18.0128 3440  IPBusEnum - ok
21:21:18.0159 3440  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:21:18.0159 3440  IpFilterDriver - ok
21:21:18.0221 3440  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:21:18.0253 3440  iphlpsvc - ok
21:21:18.0284 3440  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:21:18.0284 3440  IPMIDRV - ok
21:21:18.0331 3440  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:21:18.0331 3440  IPNAT - ok
21:21:18.0362 3440  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:21:18.0362 3440  IRENUM - ok
21:21:18.0377 3440  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:21:18.0377 3440  isapnp - ok
21:21:18.0611 3440  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:21:18.0611 3440  iScsiPrt - ok
21:21:18.0674 3440  [ 12E27942DBB7C91880163634B0D8A776 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
21:21:18.0689 3440  k57nd60a - ok
21:21:18.0705 3440  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:21:18.0705 3440  kbdclass - ok
21:21:18.0721 3440  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:21:18.0721 3440  kbdhid - ok
21:21:18.0752 3440  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:21:18.0752 3440  KeyIso - ok
21:21:18.0783 3440  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:21:18.0783 3440  KSecDD - ok
21:21:18.0892 3440  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:21:18.0892 3440  KSecPkg - ok
21:21:18.0939 3440  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:21:18.0939 3440  ksthunk - ok
21:21:19.0033 3440  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:21:19.0079 3440  KtmRm - ok
21:21:19.0111 3440  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
21:21:19.0111 3440  L1E - ok
21:21:19.0157 3440  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:21:19.0220 3440  LanmanServer - ok
21:21:19.0267 3440  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:21:19.0298 3440  LanmanWorkstation - ok
21:21:19.0345 3440  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:21:19.0360 3440  lltdio - ok
21:21:19.0485 3440  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:21:19.0501 3440  lltdsvc - ok
21:21:19.0532 3440  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:21:19.0547 3440  lmhosts - ok
21:21:19.0672 3440  [ 23DE5B62B0445A6F874BE633C95B483E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:21:19.0672 3440  LMS - ok
21:21:19.0719 3440  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:21:19.0719 3440  LSI_FC - ok
21:21:19.0735 3440  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:21:19.0735 3440  LSI_SAS - ok
21:21:19.0750 3440  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:21:19.0750 3440  LSI_SAS2 - ok
21:21:19.0781 3440  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:21:19.0781 3440  LSI_SCSI - ok
21:21:19.0813 3440  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:21:19.0813 3440  luafv - ok
21:21:19.0922 3440  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
21:21:19.0969 3440  McComponentHostService - ok
21:21:20.0015 3440  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:21:20.0031 3440  Mcx2Svc - ok
21:21:20.0062 3440  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:21:20.0062 3440  megasas - ok
21:21:20.0234 3440  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:21:20.0234 3440  MegaSR - ok
21:21:20.0249 3440  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:21:20.0249 3440  MMCSS - ok
21:21:20.0281 3440  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:21:20.0281 3440  Modem - ok
21:21:20.0312 3440  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:21:20.0312 3440  monitor - ok
21:21:20.0359 3440  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
21:21:20.0359 3440  mouclass - ok
21:21:20.0374 3440  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:21:20.0374 3440  mouhid - ok
21:21:20.0421 3440  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:21:20.0421 3440  mountmgr - ok
21:21:20.0468 3440  MozillaMaintenance - ok
21:21:20.0530 3440  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:21:20.0530 3440  mpio - ok
21:21:20.0593 3440  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:21:20.0593 3440  mpsdrv - ok
21:21:20.0639 3440  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:21:20.0686 3440  MpsSvc - ok
21:21:20.0733 3440  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:21:20.0733 3440  MRxDAV - ok
21:21:20.0764 3440  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:21:20.0764 3440  mrxsmb - ok
21:21:20.0842 3440  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:21:20.0858 3440  mrxsmb10 - ok
21:21:20.0920 3440  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:21:20.0920 3440  mrxsmb20 - ok
21:21:20.0967 3440  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:21:20.0967 3440  msahci - ok
21:21:21.0045 3440  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:21:21.0045 3440  msdsm - ok
21:21:21.0061 3440  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:21:21.0076 3440  MSDTC - ok
21:21:21.0107 3440  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:21:21.0123 3440  Msfs - ok
21:21:21.0139 3440  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:21:21.0139 3440  mshidkmdf - ok
21:21:21.0185 3440  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:21:21.0185 3440  msisadrv - ok
21:21:21.0263 3440  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:21:21.0373 3440  MSiSCSI - ok
21:21:21.0388 3440  msiserver - ok
21:21:21.0435 3440  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:21:21.0451 3440  MSKSSRV - ok
21:21:21.0513 3440  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:21:21.0513 3440  MSPCLOCK - ok
21:21:21.0513 3440  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:21:21.0513 3440  MSPQM - ok
21:21:21.0544 3440  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:21:21.0560 3440  MsRPC - ok
21:21:21.0591 3440  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:21:21.0591 3440  mssmbios - ok
21:21:21.0591 3440  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:21:21.0607 3440  MSTEE - ok
21:21:21.0607 3440  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:21:21.0607 3440  MTConfig - ok
21:21:21.0638 3440  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:21:21.0638 3440  Mup - ok
21:21:21.0747 3440  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:21:21.0763 3440  napagent - ok
21:21:21.0841 3440  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:21:21.0841 3440  NativeWifiP - ok
21:21:21.0965 3440  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:21:21.0997 3440  NDIS - ok
21:21:22.0059 3440  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:21:22.0059 3440  NdisCap - ok
21:21:22.0090 3440  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:21:22.0090 3440  NdisTapi - ok
21:21:22.0121 3440  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:21:22.0121 3440  Ndisuio - ok
21:21:22.0168 3440  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:21:22.0184 3440  NdisWan - ok
21:21:22.0231 3440  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:21:22.0231 3440  NDProxy - ok
21:21:22.0449 3440  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:21:22.0480 3440  Nero BackItUp Scheduler 4.0 - ok
21:21:22.0543 3440  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:21:22.0543 3440  Net Driver HPZ12 - ok
21:21:22.0574 3440  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:21:22.0574 3440  NetBIOS - ok
21:21:22.0605 3440  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:21:22.0621 3440  NetBT - ok
21:21:22.0636 3440  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:21:22.0636 3440  Netlogon - ok
21:21:22.0683 3440  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:21:22.0683 3440  Netman - ok
21:21:22.0714 3440  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:21:22.0714 3440  netprofm - ok
21:21:22.0761 3440  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:21:22.0761 3440  NetTcpPortSharing - ok
21:21:22.0808 3440  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:21:22.0808 3440  nfrd960 - ok
21:21:22.0870 3440  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:21:22.0886 3440  NlaSvc - ok
21:21:23.0089 3440  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:21:23.0151 3440  NOBU - ok
21:21:23.0198 3440  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:21:23.0198 3440  Npfs - ok
21:21:23.0245 3440  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:21:23.0245 3440  nsi - ok
21:21:23.0276 3440  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:21:23.0276 3440  nsiproxy - ok
21:21:23.0354 3440  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:21:23.0401 3440  Ntfs - ok
21:21:23.0463 3440  [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
21:21:23.0479 3440  NTI IScheduleSvc - ok
21:21:23.0494 3440  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
21:21:23.0494 3440  NTIDrvr - ok
21:21:23.0572 3440  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:21:23.0572 3440  Null - ok
21:21:23.0635 3440  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:21:23.0635 3440  nvraid - ok
21:21:23.0681 3440  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:21:23.0697 3440  nvstor - ok
21:21:23.0744 3440  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:21:23.0744 3440  nv_agp - ok
21:21:23.0806 3440  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:21:23.0806 3440  ohci1394 - ok
21:21:23.0915 3440  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:21:23.0915 3440  ose - ok
21:21:23.0978 3440  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:21:23.0978 3440  p2pimsvc - ok
21:21:24.0009 3440  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:21:24.0025 3440  p2psvc - ok
21:21:24.0040 3440  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:21:24.0040 3440  Parport - ok
21:21:38.0361 3440  ============================================================
21:21:38.0361 3440  Scan finished
21:21:38.0361 3440  ============================================================
21:21:38.0377 3784  Detected object count: 0
21:21:38.0377 3784  Actual detected object count: 0
         
Here is DDS:

DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.17.2
Run by Karre at 21:23:11 on 2013-03-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3956.2687 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Karre\AppData\Roaming\KB00845595.exe
C:\Users\Karre\AppData\Roaming\Iczuwy\isob.exe
svchost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://packardbell.msn.com
uDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mDefault_Page_URL = hxxp://packardbell.msn.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [mxexclme] C:\Users\Karre\AppData\Local\Temp\Plnqrurx\npcipclme.exe
uRun: [Iduqirvi] C:\Users\Karre\AppData\Roaming\Hiamib\zufa.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [winva] "C:\Users\Karre\AppData\Roaming\winva.exe" -autorun
uRun: [logonqu] "C:\Users\Karre\AppData\Roaming\logonqu.exe" -autorun
uRun: [Pouka] C:\Users\Karre\AppData\Roaming\Iczuwy\isob.exe
uRun: [KB00845595.exe] "C:\Users\Karre\AppData\Roaming\KB00845595.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{0174DE3D-ABB3-4E46-964D-0A27755B40E5} : DHCPNameServer = 192.168.178.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://packardbell.msn.com
x64-mDefault_Page_URL = hxxp://packardbell.msn.com
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=EACA685B-237A-4173-AFA4-36B9AA892EC9&apn_ptnrs=&apn_sauid=A9EDEF40-7D81-4281-B212-3B5C59253A60&apn_dtid=OSJ000&&q=
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-01-08 18:23; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-11 55024]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-8 27800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-11 202752]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-8 86752]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-8 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-8 99912]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-11 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-11-11 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-11 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-9-8 243232]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-11 56344]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-8 406056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-6-10 40448]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-2 59392]
.
=============== Created Last 30 ================
.
2013-03-09 10:21:56	95648	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-09 10:14:41	263064	----a-w-	C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-03-09 09:23:55	9162192	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6B1B255-B273-4A25-94C7-766BE6499D1E}\mpengine.dll
2013-03-08 11:40:24	97792	----a-w-	C:\Users\Karre\AppData\Roaming\KB00845595.exe
2013-03-08 11:40:24	--------	d--h--w-	C:\Users\Karre\AppData\Roaming\9D65552A
2013-03-08 11:20:03	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Iczuwy
2013-03-08 11:20:03	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Feulat
2013-03-08 11:20:03	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Duray
2013-03-08 11:07:26	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Avira
2013-03-08 11:01:41	99912	----a-w-	C:\Windows\System32\drivers\avgntflt.sys
2013-03-08 11:01:41	27800	----a-w-	C:\Windows\System32\drivers\avkmgr.sys
2013-03-08 11:01:02	--------	d-----w-	C:\ProgramData\Avira
2013-03-08 11:01:02	--------	d-----w-	C:\Program Files (x86)\Avira
2013-03-08 09:07:52	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Ysoh
2013-03-08 09:07:52	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Vyacbo
2013-03-08 09:07:51	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Ubha
2013-03-07 09:17:58	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Woxu
2013-03-07 09:17:58	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Unsy
2013-03-07 09:17:58	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Exfe
2013-03-07 09:06:12	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Veyr
2013-03-07 09:06:12	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Lyfy
2013-03-07 09:06:12	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Lavih
2013-03-06 08:51:01	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Inbumu
2013-03-06 08:51:01	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Igycva
2013-03-06 08:51:01	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Eqfe
2013-02-26 10:08:22	--------	d-----w-	C:\Users\Karre\AppData\Local\Samsung
2013-02-26 10:08:21	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Samsung
2013-02-26 10:00:31	4659712	----a-w-	C:\Windows\SysWow64\Redemption.dll
2013-02-26 10:00:20	821824	----a-w-	C:\Windows\SysWow64\dgderapi.dll
2013-02-26 09:59:47	--------	d-----w-	C:\ProgramData\Samsung
2013-02-26 09:59:47	--------	d-----w-	C:\Program Files (x86)\Samsung
2013-02-26 09:51:15	--------	d-----w-	C:\Users\Karre\AppData\Local\Downloaded Installations
2013-02-26 09:04:11	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Hiamib
2013-02-26 09:04:11	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Hapun
2013-02-26 09:04:11	--------	d-----w-	C:\Users\Karre\AppData\Roaming\Cesi
2013-02-14 10:14:41	768000	----a-w-	C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 10:14:40	996352	----a-w-	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 09:33:47	5553512	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-02-14 09:33:44	3967848	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-14 09:33:43	3913064	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-02-14 09:33:39	3153408	----a-w-	C:\Windows\System32\win32k.sys
2013-02-14 09:33:38	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2013-02-14 09:33:38	215040	----a-w-	C:\Windows\System32\winsrv.dll
2013-02-14 09:33:37	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2013-02-14 09:33:37	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2013-02-14 09:33:37	2048	----a-w-	C:\Windows\SysWow64\user.exe
2013-02-14 09:33:37	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2013-02-14 09:33:34	288088	----a-w-	C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-14 09:33:34	1913192	----a-w-	C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2013-03-09 10:21:40	861088	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2013-03-09 10:21:40	782240	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-02-24 10:05:42	71024	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-24 10:05:42	691568	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 00:28:58	273840	------w-	C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03	1392128	----a-w-	C:\Windows\System32\wininet.dll
2013-01-09 01:11:06	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47	599040	----a-w-	C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22	46080	----a-w-	C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03	367616	----a-w-	C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 21:23:38,43 ===============
         
--- --- ---


and DDS Attach:

Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 07.01.2011 13:07:02
System Uptime: 09.03.2013 21:14:56 (0 hours ago)
.
Motherboard: Packard Bell |  | SJV71_CP
Processor: Intel(R) Core(TM) i3 CPU       M 380  @ 2.53GHz | CPU 1 | 1975/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 394,997 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP229: 05.02.2013 10:02:31 - Windows Update
RP230: 08.02.2013 10:34:50 - Windows Update
RP231: 12.02.2013 09:58:32 - Windows Update
RP232: 14.02.2013 11:12:39 - Windows Update
RP233: 19.02.2013 10:11:55 - Windows Update
RP234: 25.02.2013 15:21:06 - Installed Java 7 Update 15
RP235: 26.02.2013 09:55:48 - Windows Update
RP236: 26.02.2013 10:59:19 - Installed Samsung Kies
RP237: 02.03.2013 10:31:44 - Windows Update
RP238: 05.03.2013 10:45:00 - Windows Update
RP239: 09.03.2013 10:22:55 - Windows Update
RP240: 09.03.2013 11:20:51 - Installed Java 7 Update 17
.
==== Installed Programs ======================
.
1310
1310_Help
1310Trb
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 8.0
Adobe Reader X (10.1.6) - Deutsch
Advertising Center
Agatha Christie - Death on the Nile
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Alcor Micro USB Card Reader
Ask Toolbar
Ask Toolbar Updater
ATI Catalyst Install Manager
Avira Free Antivirus
Backup Manager Basic
Bejeweled 2 Deluxe
Bing Bar
Broadcom Gigabit NetLink Controller
BufferChm
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Compatibility Pack für 2007 Office System
Copy
CVE-2012-4969
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DocProc
eBay Worldwide
Farm Frenzy
FATE
Fax
Final Drive Nitro
GMX MailCheck für Mozilla Firefox
GMX Softwareaktualisierung
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Identity Card
ImagXpress
Insaniquarium Deluxe
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 17
Java Auto Updater
JavaFX 2.1.1
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Launch Manager
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 19.0.2 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Network64
Norton Online Backup
OCR Software by I.R.I.S. 13.0
Packard Bell Game Console
Packard Bell Games
Packard Bell InfoCentre
Packard Bell MyBackup
Packard Bell Power Management
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Social Networks
Packard Bell Updater
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Video Web Camera
Virtual Villagers 4 - The Tree of Life
WebReg
Welcome Center
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Zuma's Revenge
Zuma Deluxe
.
==== End Of File ===========================
         
One more question: I am currently using a USB stick to copy the programs to my laptop and the log files to my friend's laptop, because my machine often has no Internet access. Could copying back and forth end up infecting my friend's laptop with the viruses as well?

Best regards
Karre
__________________

09.03.2013, 23:15   #4
ryder
/// TB-Ausbilder

In principle that is conceivable, but rather unlikely if you are only copying data.


Step 1: (Reminder: Only reply to me once you have worked through all the steps!)
Uninstalling programs
  • Windows XP: Start > Control Panel > Add or Remove Programs > [program name] > Uninstall
  • Windows Vista / 7: Start > Control Panel > Programs and Features > [program name] > Uninstall
  • Allow a restart if required
Uninstall everything whose name contains "Toolbar", unless you installed it deliberately, as well as downloader applications.

Please go through the following list and uninstall the programs named, if present:
CCleaner or other registry cleaners, TuneUp Utilities (incl. Language Pack), Glary Utilities, Spybot S & D (including Teatimer), Zonealarm Firewall, McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (all), poker software, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater, FireJump, SearchAnonymizer



Step 2:
AdwCleaner: Find and remove adware
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Alternative link: AdwCleaner Download

Step 3:
Delete temporary files with TFC

Please download TFC to your desktop and start it. It will automatically remove all temporary files.


Step 4:
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Digital buccaneers against malware!
No help via PM!

10.03.2013, 14:04   #5
Karre

Hello Ryder.

I'm afraid I can't get any further with your instructions at the moment. My laptop is now acting up so badly that it already shows "not responding" in Windows Explorer, or at the latest gives up during the attempted uninstallation of the toolbar (it then asks me to close all Internet browsers before the uninstallation can finish, although none are open).
How should I proceed now?

Would completely reformatting the laptop make sense?

Many puzzled greetings from Franconia to Franconia
Karre


Edited by Karre (10.03.2013 at 14:07). Reason: one of the problems described has been resolved

10.03.2013, 14:17   #6
ryder
/// TB-Ausbilder

That can always make sense. We can also carry on with an alternative approach for now.

Scan with Farbar's Recovery Scan Tool

Please download the appropriate version of the tool and save it to a USB stick:
Farbar Recovery Scan Tool 32-bit version
Farbar Recovery Scan Tool 64-bit version

Connect the USB stick to the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer
    Here you will see the drive letter of your USB stick.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here.

10.03.2013, 14:52   #7
Karre

Hello Ryder,

here is FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013
Ran by SYSTEM at 10-03-2013 14:50:15
Running from G:\
Windows 7 Home Premium   (X64) OS Language: German Standard 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" [600688 2010-07-15] (Chicony)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [385248 2013-03-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [154144 2010-07-29] ()
HKU\Karre\...\Run: [Iduqirvi] C:\Users\Karre\AppData\Roaming\Hiamib\zufa.exe [x]
HKU\Karre\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1509232 2013-02-13] (Samsung)
HKU\Karre\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKU\Karre\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKU\Karre\...\Run: [winva] "C:\Users\Karre\AppData\Roaming\winva.exe" -autorun [x]
HKU\Karre\...\Run: [logonqu] "C:\Users\Karre\AppData\Roaming\logonqu.exe" -autorun [248832 1687-06-26] (??????????  ??????????)
HKU\Karre\...\Run: [KB00845595.exe] "C:\Users\Karre\AppData\Roaming\KB00845595.exe" [89088 2013-03-10] (Exiland Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Schnellstart.lnk
ShortcutTarget: Microsoft Office OneNote 2003 Schnellstart.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86752 2013-03-08] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110816 2013-03-08] (Avira Operations GmbH & Co. KG)
2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
3 GameConsoleService; "C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe" [246520 2010-04-03] (WildTangent, Inc.)
2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe" [235216 2013-02-05] (McAfee, Inc.)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [x]

==================== Drivers (Whitelisted) =====================

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [99912 2013-03-08] (Avira Operations GmbH & Co. KG)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [129216 2013-03-08] (Avira Operations GmbH & Co. KG)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27800 2013-03-08] (Avira Operations GmbH & Co. KG)
3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-09 12:23 - 2013-03-09 12:23 - 00022221 ____A C:\Users\Karre\Desktop\dds.txt
2013-03-09 12:23 - 2013-03-09 12:23 - 00007816 ____A C:\Users\Karre\Desktop\attach.txt
2013-03-09 12:22 - 2013-03-09 12:03 - 00700783 ____R (Swearware) C:\Users\Karre\Desktop\dds+.exe
2013-03-09 12:20 - 2013-03-09 12:03 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Karre\Desktop\tdsskiller.exe
2013-03-09 12:15 - 2013-03-09 12:04 - 04732416 ____A (AVAST Software) C:\Users\Karre\Desktop\aswMBR.exe
2013-03-09 10:27 - 2013-03-09 10:27 - 00000000 ____A C:\Users\Karre\defogger_reenable
2013-03-09 02:22 - 2013-03-09 02:21 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-03-09 02:21 - 2013-03-09 02:21 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-03-09 02:21 - 2013-03-09 02:21 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-03-09 02:21 - 2013-03-09 02:21 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-03-09 02:21 - 2013-03-09 02:21 - 00000000 ____D C:\Program Files (x86)\Java
2013-03-09 01:57 - 2013-03-09 02:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-09 01:57 - 2013-03-09 02:14 - 00001163 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-03-09 01:57 - 2013-03-09 02:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-09 01:52 - 2013-03-09 01:52 - 20427472 ____A (Mozilla) C:\Users\Karre\Downloads\Firefox_Setup_19.0.2.exe
2013-03-08 03:40 - 2013-03-10 05:36 - 00000000 ___HD C:\Users\Karre\AppData\Roaming\9D65552A
2013-03-08 03:40 - 2013-03-10 04:29 - 00089088 ____A (Exiland Software) C:\Users\Karre\AppData\Roaming\KB00845595.exe
2013-03-08 03:20 - 2013-03-10 05:00 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Iczuwy
2013-03-08 03:20 - 2013-03-09 02:20 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Duray
2013-03-08 03:20 - 2013-03-08 03:20 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Feulat
2013-03-08 03:07 - 2013-03-08 03:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Avira
2013-03-08 03:01 - 2013-03-08 03:01 - 00002006 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-03-08 03:01 - 2013-03-08 03:01 - 00000000 ____D C:\ProgramData\Avira
2013-03-08 03:01 - 2013-03-08 03:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-03-08 03:01 - 2013-03-08 02:54 - 00129216 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-03-08 03:01 - 2013-03-08 02:54 - 00099912 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-03-08 03:01 - 2013-03-08 02:54 - 00027800 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-03-08 02:51 - 2013-03-08 02:51 - 02086240 ____A C:\Users\Karre\Downloads\avira_free_antivirus (1).exe
2013-03-08 01:17 - 2013-03-08 01:17 - 02086240 ____A C:\Users\Karre\Downloads\avira_free_antivirus.exe
2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Ysoh
2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Vyacbo
2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Ubha
2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Woxu
2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Unsy
2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Exfe
2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Veyr
2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Lyfy
2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Lavih
2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Inbumu
2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Igycva
2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Eqfe
2013-02-26 02:08 - 2013-02-26 02:45 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\Documents\samsung
2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Samsung
2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\AppData\Local\Samsung
2013-02-26 02:00 - 2013-02-05 08:53 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2013-02-26 02:00 - 2013-02-05 08:52 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2013-02-26 01:59 - 2013-02-26 07:15 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-02-26 01:59 - 2013-02-26 02:06 - 00000000 ____D C:\ProgramData\Samsung
2013-02-26 01:51 - 2013-02-26 01:51 - 00000000 ____D C:\Users\Karre\AppData\Local\Downloaded Installations
2013-02-26 01:46 - 2013-02-26 01:46 - 00393048 ____A (Softonic                                        ) C:\Users\Karre\Downloads\SoftonicDownloader_fuer_samsung-kies.exe
2013-02-26 01:04 - 2013-03-08 01:10 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Hiamib
2013-02-26 01:04 - 2013-03-07 01:32 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Cesi
2013-02-26 01:04 - 2013-02-26 01:04 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Hapun
2013-02-25 10:13 - 2013-02-25 10:13 - 00000000 ____D C:\Windows\Sun
2013-02-14 02:13 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 02:13 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 02:13 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 02:13 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 02:13 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 02:13 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 02:13 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 02:13 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 02:13 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 02:13 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 02:13 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 02:13 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 02:13 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 02:13 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 02:13 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 02:13 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-14 02:13 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-14 02:13 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-14 02:13 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-14 02:13 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-14 02:13 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-14 02:13 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-14 02:13 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-14 02:13 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-14 02:13 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-14 02:13 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-14 02:13 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-14 02:13 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-14 02:13 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-14 02:13 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-14 02:13 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-14 02:13 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-14 01:33 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-14 01:33 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-14 01:33 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-14 01:33 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-14 01:33 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-14 01:33 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-14 01:33 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-14 01:33 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-14 01:33 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-14 01:33 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-14 01:33 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-14 01:33 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
1376-546-00 63031:16384 - 1687-06-26 20:36 - 00248832 ____N (??????????  ??????????) C:\Users\Karre\AppData\Roaming\logonqu.exe


==================== One Month Modified Files and Folders =======

2013-03-10 05:39 - 2011-01-13 02:35 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-10 05:39 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-10 05:39 - 2009-07-13 20:51 - 00110441 ____A C:\Windows\setupact.log
2013-03-10 05:39 - 2009-07-13 20:45 - 00017376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-10 05:39 - 2009-07-13 20:45 - 00017376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-10 05:38 - 2010-11-10 21:41 - 02041239 ____A C:\Windows\WindowsUpdate.log
2013-03-10 05:36 - 2013-03-08 03:40 - 00000000 ___HD C:\Users\Karre\AppData\Roaming\9D65552A
2013-03-10 05:09 - 2010-11-11 06:30 - 00654400 ____A C:\Windows\System32\perfh007.dat
2013-03-10 05:09 - 2010-11-11 06:30 - 00130240 ____A C:\Windows\System32\perfc007.dat
2013-03-10 05:09 - 2009-07-13 21:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-10 05:04 - 2011-01-13 10:57 - 00000000 ____D C:\Users\Karre\Documents\Bewerbungen
2013-03-10 05:00 - 2013-03-08 03:20 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Iczuwy
2013-03-10 04:41 - 2011-01-13 02:35 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-10 04:29 - 2013-03-08 03:40 - 00089088 ____A (Exiland Software) C:\Users\Karre\AppData\Roaming\KB00845595.exe
2013-03-09 12:23 - 2013-03-09 12:23 - 00022221 ____A C:\Users\Karre\Desktop\dds.txt
2013-03-09 12:23 - 2013-03-09 12:23 - 00007816 ____A C:\Users\Karre\Desktop\attach.txt
2013-03-09 12:04 - 2013-03-09 12:15 - 04732416 ____A (AVAST Software) C:\Users\Karre\Desktop\aswMBR.exe
2013-03-09 12:03 - 2013-03-09 12:22 - 00700783 ____R (Swearware) C:\Users\Karre\Desktop\dds+.exe
2013-03-09 12:03 - 2013-03-09 12:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Karre\Desktop\tdsskiller.exe
2013-03-09 11:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-03-09 10:27 - 2013-03-09 10:27 - 00000000 ____A C:\Users\Karre\defogger_reenable
2013-03-09 10:27 - 2011-01-07 04:07 - 00000000 ____D C:\users\Karre
2013-03-09 02:27 - 2013-03-09 01:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-09 02:21 - 2013-03-09 02:22 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-03-09 02:21 - 2013-03-09 02:21 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-03-09 02:21 - 2013-03-09 02:21 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-03-09 02:21 - 2013-03-09 02:21 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-03-09 02:21 - 2013-03-09 02:21 - 00000000 ____D C:\Program Files (x86)\Java
2013-03-09 02:21 - 2012-07-13 03:22 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-03-09 02:21 - 2012-07-13 03:22 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-03-09 02:20 - 2013-03-08 03:20 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Duray
2013-03-09 02:14 - 2013-03-09 01:57 - 00001163 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-03-09 02:14 - 2013-03-09 01:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-09 01:52 - 2013-03-09 01:52 - 20427472 ____A (Mozilla) C:\Users\Karre\Downloads\Firefox_Setup_19.0.2.exe
2013-03-09 01:17 - 2011-01-07 04:07 - 00000000 ____D C:\Users\Karre\AppData\Local\VirtualStore
2013-03-08 03:20 - 2013-03-08 03:20 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Feulat
2013-03-08 03:08 - 2011-06-07 01:07 - 00197168 ____A C:\Windows\PFRO.log
2013-03-08 03:07 - 2013-03-08 03:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Avira
2013-03-08 03:07 - 2010-09-07 19:06 - 00000000 ____D C:\ProgramData\Norton
2013-03-08 03:01 - 2013-03-08 03:01 - 00002006 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-03-08 03:01 - 2013-03-08 03:01 - 00000000 ____D C:\ProgramData\Avira
2013-03-08 03:01 - 2013-03-08 03:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-03-08 02:54 - 2013-03-08 03:01 - 00129216 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-03-08 02:54 - 2013-03-08 03:01 - 00099912 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-03-08 02:54 - 2013-03-08 03:01 - 00027800 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-03-08 02:51 - 2013-03-08 02:51 - 02086240 ____A C:\Users\Karre\Downloads\avira_free_antivirus (1).exe
2013-03-08 01:17 - 2013-03-08 01:17 - 02086240 ____A C:\Users\Karre\Downloads\avira_free_antivirus.exe
2013-03-08 01:10 - 2013-02-26 01:04 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Hiamib
2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Ysoh
2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Vyacbo
2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Ubha
2013-03-07 01:32 - 2013-02-26 01:04 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Cesi
2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Woxu
2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Unsy
2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Exfe
2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Veyr
2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Lyfy
2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Lavih
2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Inbumu
2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Igycva
2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Eqfe
2013-03-05 01:44 - 2011-01-13 02:37 - 00002195 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-26 07:15 - 2013-02-26 01:59 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-02-26 02:45 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\Documents\samsung
2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Samsung
2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\AppData\Local\Samsung
2013-02-26 02:06 - 2013-02-26 01:59 - 00000000 ____D C:\ProgramData\Samsung
2013-02-26 02:00 - 2010-09-07 19:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-02-26 01:51 - 2013-02-26 01:51 - 00000000 ____D C:\Users\Karre\AppData\Local\Downloaded Installations
2013-02-26 01:46 - 2013-02-26 01:46 - 00393048 ____A (Softonic                                        ) C:\Users\Karre\Downloads\SoftonicDownloader_fuer_samsung-kies.exe
2013-02-26 01:04 - 2013-02-26 01:04 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Hapun
2013-02-25 10:13 - 2013-02-25 10:13 - 00000000 ____D C:\Windows\Sun
2013-02-24 02:05 - 2012-04-24 06:55 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-24 02:05 - 2012-04-24 06:55 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-24 02:04 - 2010-09-07 19:05 - 00000000 ____D C:\ProgramData\Adobe
2013-02-15 06:47 - 2009-07-13 20:45 - 00367248 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 02:22 - 2009-07-13 18:34 - 00000534 ____A C:\Windows\win.ini
2013-02-14 02:18 - 2011-02-21 08:52 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-10 01:11 - 2012-11-21 00:58 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-02-09 01:05 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-02-25 06:21:41
Restore point made on: 2013-02-26 00:57:33
Restore point made on: 2013-02-26 01:59:31
Restore point made on: 2013-03-02 01:32:17
Restore point made on: 2013-03-05 01:45:30
Restore point made on: 2013-03-08 01:06:59
Restore point made on: 2013-03-08 01:07:06
Restore point made on: 2013-03-08 02:16:21
Restore point made on: 2013-03-08 02:28:54
Restore point made on: 2013-03-09 01:23:31
Restore point made on: 2013-03-09 02:21:11
Restore point made on: 2013-03-10 04:59:01
Restore point made on: 2013-03-10 04:59:16
Restore point made on: 2013-03-10 04:59:43
Restore point made on: 2013-03-10 05:30:10

==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 3956.5 MB
Available physical RAM: 3246.79 MB
Total Pagefile: 3954.64 MB
Available Pagefile: 3238.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Packard Bell) (Fixed) (Total:452.97 GB) (Free:398.54 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:0.87 GB) NTFS
4 Drive g: () (Removable) (Total:1.96 GB) (Free:1.17 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Datenträger ###  Status         Größe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datenträger 0    Online          465 GB      0 B
  Datenträger 1    Online         2006 MB      0 B

Partitions of Disk 0:
===============

Datenträger-ID: 4FFE4FFE

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Wiederherstellun    12 GB  1024 KB
  Partition 2    Primär             100 MB    12 GB
  Partition 3    Primär             452 GB    12 GB

==================================================================================

Disk: 0
Partition 1
Typ      : 27
Versteckt: Ja
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   PQSERVICE    NTFS   Partition     12 GB  Fehlerfre  Versteck

=========================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM RESE  NTFS   Partition    100 MB  Fehlerfre          

=========================================================

Disk: 0
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   Packard Bel  NTFS   Partition    452 GB  Fehlerfre          

=========================================================

Partitions of Disk 1:
===============

Datenträger-ID: 005B7DEF

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär            2006 MB    16 KB

==================================================================================

Disk: 1
Partition 1
Typ      : 06
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                FAT    Wechselmed  2006 MB  Fehlerfre          

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 4FFE4FFE

Partition 1:
===========
Hex: 0020210027FEFFFF0008000000409601
Active: NO
Type: 27
Size: 13 GB

Partition 2:
===========
Hex: 80FEFFFF07FEFFFF0048960100200300
Active: YES
Type: 07 (NTFS)
Size: 100 MB

Partition 3:
===========
Hex: 00FEFFFF07FEFFFF0068990130F09E38
Active: NO
Type: 07 (NTFS)
Size: 453 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 005B7DEF

Partition 1:
===========
Hex: 800101000601FFFF20000000E0B33E00
Active: YES
Type: 06
Size: 2 GB


Last Boot: 2013-03-09 11:00

==================== End Of Log =============================
         
Best regards
Karre

Alt 10.03.2013, 15:13   #8
ryder
/// TB-Ausbilder
 

Good grief! I have never seen anything like this, so full of malware ... my respects ...

Fix with FRST

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:
Code:
HKU\Karre\...\Run: [winva] "C:\Users\Karre\AppData\Roaming\winva.exe" -autorun [x]
HKU\Karre\...\Run: [logonqu] "C:\Users\Karre\AppData\Roaming\logonqu.exe" -autorun [248832 1687-06-26] (??????????  ??????????)
HKU\Karre\...\Run: [KB00845595.exe] "C:\Users\Karre\AppData\Roaming\KB00845595.exe" [89088 2013-03-10] (Exiland Software)
HKU\Karre\...\Run: [Iduqirvi] C:\Users\Karre\AppData\Roaming\Hiamib\zufa.exe [x]
C:\Users\Karre\AppData\Roaming\Iczuwy
C:\Users\Karre\AppData\Roaming\Duray
:\Users\Karre\AppData\Roaming\Feulat
C:\Users\Karre\AppData\Roaming\KB00845595.exe
C:\Users\Karre\AppData\Roaming\logonqu.exe
C:\Users\Karre\AppData\Roaming\winva.exe
C:\Users\Karre\AppData\Roaming\Ysoh
C:\Users\Karre\AppData\Roaming\Vyacbo
C:\Users\Karre\AppData\Roaming\Ubha
C:\Users\Karre\AppData\Roaming\Woxu
C:\Users\Karre\AppData\Roaming\Unsy
C:\Users\Karre\AppData\Roaming\Exfe
C:\Users\Karre\AppData\Roaming\Veyr
C:\Users\Karre\AppData\Roaming\Lyfy
C:\Users\Karre\AppData\Roaming\Lavih
C:\Users\Karre\AppData\Roaming\Inbumu
C:\Users\Karre\AppData\Roaming\Igycva
C:\Users\Karre\AppData\Roaming\Eqfe
C:\Users\Karre\AppData\Roaming\Hiamib
C:\Users\Karre\AppData\Roaming\Cesi
C:\Users\Karre\AppData\Roaming\Hapun
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again.
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.

Report whether you can now carry out the other steps.
__________________
Digital privateers against malware!
No help via PM!

Alt 10.03.2013, 15:40   #9
Karre
 

Thanks, thanks for the compliment, I really tried hard.

Here is the Fixlog.txt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-03-2013
Ran by SYSTEM at 2013-03-10 15:37:54 Run:1
Running from G:\

==============================================

HKEY_USERS\Karre\Software\Microsoft\Windows\CurrentVersion\Run\\winva Value deleted successfully.
HKEY_USERS\Karre\Software\Microsoft\Windows\CurrentVersion\Run\\logonqu Value deleted successfully.
HKEY_USERS\Karre\Software\Microsoft\Windows\CurrentVersion\Run\\KB00845595.exe Value deleted successfully.
HKEY_USERS\Karre\Software\Microsoft\Windows\CurrentVersion\Run\\Iduqirvi Value deleted successfully.
C:\Users\Karre\AppData\Roaming\Iczuwy moved successfully.
C:\Users\Karre\AppData\Roaming\Duray moved successfully.
C:\Users\Karre\AppData\Roaming\KB00845595.exe moved successfully.
C:\Users\Karre\AppData\Roaming\logonqu.exe moved successfully.
C:\Users\Karre\AppData\Roaming\winva.exe not found.
C:\Users\Karre\AppData\Roaming\Ysoh moved successfully.
C:\Users\Karre\AppData\Roaming\Vyacbo moved successfully.
C:\Users\Karre\AppData\Roaming\Ubha moved successfully.
C:\Users\Karre\AppData\Roaming\Woxu moved successfully.
C:\Users\Karre\AppData\Roaming\Unsy moved successfully.
C:\Users\Karre\AppData\Roaming\Exfe moved successfully.
C:\Users\Karre\AppData\Roaming\Veyr moved successfully.
C:\Users\Karre\AppData\Roaming\Lyfy moved successfully.
C:\Users\Karre\AppData\Roaming\Lavih moved successfully.
C:\Users\Karre\AppData\Roaming\Inbumu moved successfully.
C:\Users\Karre\AppData\Roaming\Igycva moved successfully.
C:\Users\Karre\AppData\Roaming\Eqfe moved successfully.
C:\Users\Karre\AppData\Roaming\Hiamib moved successfully.
C:\Users\Karre\AppData\Roaming\Cesi moved successfully.
C:\Users\Karre\AppData\Roaming\Hapun moved successfully.

==== End of Fixlog ====
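
A check worth running on the two files before moving on: match every Fixlist entry against the result lines in the Fixlog and list the entries that were not confirmed as deleted or moved. This is an added example, not part of the thread and not FRST's own code; the function names are made up here, and the two inputs are excerpts copied from the posts above.

```python
import re

# Excerpt of the Fixlist.txt from the helper's post (lines copied verbatim).
FIXLIST = r'''
HKU\Karre\...\Run: [winva] "C:\Users\Karre\AppData\Roaming\winva.exe" -autorun [x]
HKU\Karre\...\Run: [Iduqirvi] C:\Users\Karre\AppData\Roaming\Hiamib\zufa.exe [x]
C:\Users\Karre\AppData\Roaming\Iczuwy
C:\Users\Karre\AppData\Roaming\Duray
:\Users\Karre\AppData\Roaming\Feulat
C:\Users\Karre\AppData\Roaming\logonqu.exe
C:\Users\Karre\AppData\Roaming\winva.exe
C:\Users\Karre\AppData\Roaming\Hiamib
'''

# Matching excerpt of the Fixlog.txt from the reply (lines copied verbatim).
FIXLOG = r'''
HKEY_USERS\Karre\Software\Microsoft\Windows\CurrentVersion\Run\\winva Value deleted successfully.
HKEY_USERS\Karre\Software\Microsoft\Windows\CurrentVersion\Run\\Iduqirvi Value deleted successfully.
C:\Users\Karre\AppData\Roaming\Iczuwy moved successfully.
C:\Users\Karre\AppData\Roaming\Duray moved successfully.
C:\Users\Karre\AppData\Roaming\logonqu.exe moved successfully.
C:\Users\Karre\AppData\Roaming\winva.exe not found.
C:\Users\Karre\AppData\Roaming\Hiamib moved successfully.
'''

# Fixlist autorun line: "HKU\Karre\...\Run: [winva] ..." -> key "Run", value "winva"
RUN_RE = re.compile(r"^HK\S*\\\.\.\.\\(Run(?:Once)?): \[([^\]]*)\]")
# Fixlist file or folder line: must start with a drive letter
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Fixlog result line; only the three outcomes that occur in this thread
RESULT_RE = re.compile(
    r"^(?P<target>.+?) "
    r"(?P<result>Value deleted successfully|moved successfully|not found)\.$"
)
DONE = {"Value deleted successfully", "moved successfully"}


def parse_fixlist(text):
    """Return (line, key) pairs; key is None for lines in no recognised form."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            key = ("reg", m.group(1).lower(), m.group(2).lower())
        elif PATH_RE.match(line):
            key = ("path", line.lower())
        else:
            key = None
        entries.append((line, key))
    return entries


def parse_fixlog(text):
    """Map each target named in a result line to its reported outcome."""
    results = {}
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if not m:
            continue
        target = m.group("target")
        # Registry results are written as <key path>\\<value name>
        head, sep, name = target.rpartition("\\\\")
        if sep:
            key = ("reg", head.rsplit("\\", 1)[-1].lower(), name.lower())
        else:
            key = ("path", target.lower())
        results[key] = m.group("result")
    return results


def reconcile(fixlist, fixlog):
    """Pair every Fixlist line with the outcome the Fixlog reports for it."""
    results = parse_fixlog(fixlog)
    report = []
    for line, key in parse_fixlist(fixlist):
        if key is None:
            status = "unparsed"
        else:
            status = results.get(key, "no result line")
        report.append((line, status))
    return report


def needs_follow_up(report):
    """Entries that were neither deleted nor moved."""
    return [(line, status) for line, status in report if status not in DONE]


if __name__ == "__main__":
    for line, status in needs_follow_up(reconcile(FIXLIST, FIXLOG)):
        print(f"{status:15} {line}")
```

On this excerpt the check lists two entries: the `Feulat` line, which lacks its drive letter and has no result line in the Fixlog, and `winva.exe`, which the Fixlog reports as not found.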
         

Alt 10.03.2013, 15:54   #10
ryder
/// TB-Ausbilder
 

Quote:
Report whether you can now carry out the other steps.
Well?

Alt 10.03.2013, 16:10   #11
Karre
 

Sorry, I had overlooked the last sentence. So: I have uninstalled the Ask Toolbar and the Bing Bar; I don't see any downloaders. No cleaners either. McAfee is uninstalled.

Of Java, I have Java 7 Update 17 and Java FX 2.1.1. Should those be removed too?
I don't have any of the remaining programs.

Regards

Alt 10.03.2013, 16:15   #12
ryder
/// TB-Ausbilder
 

No, those stay.

Then carry on.

Alt 10.03.2013, 16:52   #13
Karre
 

Done.

AdwCleaner:
Code:
# AdwCleaner v2.114 - Datei am 10/03/2013 um 16:17:38 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Karre - KARRE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Karre\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\ProgramData\Ask

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\prefs.js

C:\Users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\Karre\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2189 octets] - [10/03/2013 16:17:38]

########## EOF - C:\AdwCleaner[S1].txt - [2249 octets] ##########
         
Combofix:

Code:
ComboFix 13-03-10.02 - Karre 10.03.2013  16:42:54.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3956.2749 [GMT 1:00]
ausgeführt von:: c:\users\Karre\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-10 bis 2013-03-10  ))))))))))))))))))))))))))))))
.
.
2013-03-10 22:50 . 2013-03-10 22:50	--------	d-----w-	C:\FRST
2013-03-10 15:47 . 2013-03-10 15:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-09 09:57 . 2013-03-09 10:27	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-03-09 09:23 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6B1B255-B273-4A25-94C7-766BE6499D1E}\mpengine.dll
2013-03-08 11:40 . 2013-03-10 13:36	--------	d--h--w-	c:\users\Karre\AppData\Roaming\9D65552A
2013-03-08 11:20 . 2013-03-08 11:20	--------	d-----w-	c:\users\Karre\AppData\Roaming\Feulat
2013-03-08 11:07 . 2013-03-08 11:07	--------	d-----w-	c:\users\Karre\AppData\Roaming\Avira
2013-03-08 11:01 . 2013-03-08 10:54	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-08 11:01 . 2013-03-08 10:54	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-08 11:01 . 2013-03-08 10:54	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-08 11:01 . 2013-03-08 11:01	--------	d-----w-	c:\programdata\Avira
2013-03-08 11:01 . 2013-03-08 11:01	--------	d-----w-	c:\program files (x86)\Avira
2013-02-26 10:08 . 2013-02-26 10:08	--------	d-----w-	c:\users\Karre\AppData\Local\Samsung
2013-02-26 10:08 . 2013-02-26 10:08	--------	d-----w-	c:\users\Karre\AppData\Roaming\Samsung
2013-02-26 10:00 . 2013-02-05 16:53	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2013-02-26 10:00 . 2013-02-05 16:52	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
2013-02-26 09:59 . 2013-02-26 15:15	--------	d-----w-	c:\program files (x86)\Samsung
2013-02-26 09:59 . 2013-02-26 10:06	--------	d-----w-	c:\programdata\Samsung
2013-02-26 09:51 . 2013-02-26 09:51	--------	d-----w-	c:\users\Karre\AppData\Local\Downloaded Installations
2013-02-25 18:13 . 2013-02-25 18:13	--------	d-----w-	c:\windows\Sun
2013-02-14 10:14 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 10:14 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 09:33 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 09:33 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 09:33 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 09:33 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 09:33 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-14 09:33 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-14 09:33 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-14 09:33 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-14 09:33 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-14 09:33 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-14 09:33 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 09:33 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-09 10:21 . 2012-07-13 11:22	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-09 10:21 . 2012-07-13 11:22	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-24 10:05 . 2012-04-24 14:55	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-24 10:05 . 2012-04-24 14:55	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-14 10:18 . 2011-02-21 16:52	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-05 16:52 . 2013-02-05 16:52	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2013-02-05 16:52 . 2013-02-05 16:52	330240	----a-w-	c:\windows\MASetupCaller.dll
2013-02-05 16:52 . 2013-02-05 16:52	30568	----a-w-	c:\windows\MusiccityDownload.exe
2013-02-05 16:52 . 2013-02-05 16:52	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2013-02-05 16:52 . 2013-02-05 16:52	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2013-02-05 16:52 . 2013-02-05 16:52	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
2013-02-05 16:52 . 2013-02-05 16:52	49152	----a-w-	c:\windows\SysWow64\MaJGUILib.dll
2013-02-05 16:52 . 2013-02-05 16:52	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2013-02-05 16:52 . 2013-02-05 16:52	45056	----a-w-	c:\windows\SysWow64\MaXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52	45056	----a-w-	c:\windows\SysWow64\MACXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52	40960	----a-w-	c:\windows\SysWow64\MTTELECHIP.dll
2013-02-05 16:52 . 2013-02-05 16:52	352256	----a-w-	c:\windows\SysWow64\MSLUR71.dll
2013-02-05 16:52 . 2013-02-05 16:52	258048	----a-w-	c:\windows\SysWow64\muzoggsp.ax
2013-02-05 16:52 . 2013-02-05 16:52	245760	----a-w-	c:\windows\SysWow64\MSCLib.dll
2013-02-05 16:52 . 2013-02-05 16:52	24576	----a-w-	c:\windows\SysWow64\MASetupCleaner.exe
2013-02-05 16:52 . 2013-02-05 16:52	200704	----a-w-	c:\windows\SysWow64\muzwmts.dll
2013-02-05 16:52 . 2013-02-05 16:52	155648	----a-w-	c:\windows\SysWow64\MSFLib.dll
2013-02-05 16:52 . 2013-02-05 16:52	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2013-02-05 16:52 . 2013-02-05 16:52	135168	----a-w-	c:\windows\SysWow64\muzaf1.dll
2013-02-05 16:52 . 2013-02-05 16:52	131072	----a-w-	c:\windows\SysWow64\muzmpgsp.ax
2013-02-05 16:52 . 2013-02-05 16:52	122880	----a-w-	c:\windows\SysWow64\muzeffect.ax
2013-02-05 16:52 . 2013-02-05 16:52	118784	----a-w-	c:\windows\SysWow64\MaDRM.dll
2013-02-05 16:52 . 2013-02-05 16:52	110592	----a-w-	c:\windows\SysWow64\muzmp4sp.ax
2013-01-17 00:28 . 2011-01-08 16:26	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 09:33	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 10:13	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 10:13	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 10:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 10:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-15 600688]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-08 385248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office OneNote 2003 Schnellstart.lnk - c:\program files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-08 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-08 86752]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 09:42	1630672	----a-w-	c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 10:35]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 10:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://packardbell.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - ExtSQL: !HIDDEN! 2011-01-08 18:23; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-10  16:49:36
ComboFix-quarantined-files.txt  2013-03-10 15:49
.
Vor Suchlauf: 9 Verzeichnis(se), 429.411.635.200 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 429.033.213.952 Bytes frei
.
- - End Of File - - 6A6884E980C3FC3653A55F522DA64BA1
         
Regards

10.03.2013, 17:01   #14
ryder
/// TB Trainer

Good!

As far as I can see, we have now removed everything malicious. To be sure, we still need to run a few checks, and then we will bring your computer up to a secure state. Since these scans can take a very long time, please only write back to me once you have really completed everything or if problems occur.

Step 1:
Quick scan with Malwarebytes
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.

Step 2:

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post the log file here or let me know that nothing was found.
Note: The scan can take a very long time (several hours)!

Step 3:
Scan with SecurityCheck

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.


Alternative link: SecurityCheck Download
__________________
Digital privateers against malware!
No help via PM!

12.03.2013, 15:42   #15
ryder
/// TB Trainer

Hello, do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer receive notifications about new replies.

The disappearance of the symptoms does not mean that your system is already clean.
__________________
Digital privateers against malware!
No help via PM!
