Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 15.03.2013, 08:36   #1
dvdhero
 
vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Standard

vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?



Moin liebe Experten,

ich bin auch auf die Mail von "Groupon" reingefallen.
Jetzt bekomme ich oft Virusmeldungen durch mein Virenscanner (AntiVir).
Leider bin ich damit etwas überfordert.

Vielleicht könnt Ihr mir helfen.

Anbei die letzten Funde durch AntiVir:
Code:
ATTFilter
Typ:	Datei
Quelle:	C:\Users\***\AppData\Local\Temp\POS1386.tmp
Status:	Infiziert
Quarantäne-Objekt:	59f94c6c.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.16
Virendefinitionsdatei:	7.11.65.04
Meldung:	TR/Kazy.153787.2
Datum/Uhrzeit:	15.03.2013, 08:53


Typ:	Datei
Quelle:	C:\Users\***\AppData\Roaming\KB00834037.exe.DAT
Status:	Infiziert
Quarantäne-Objekt:	56b37ebc.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.16
Virendefinitionsdatei:	7.11.65.04
Meldung:	TR/Graftor.72688
Datum/Uhrzeit:	15.03.2013, 08:52


Typ:	Datei
Quelle:	C:\Users\***\AppData\Roaming\KB00834037.exe
Status:	Infiziert
Quarantäne-Objekt:	59dee816.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.16
Virendefinitionsdatei:	7.11.64.242
Meldung:	TR/Kazy.153787.2
Datum/Uhrzeit:	15.03.2013, 02:27


Typ:	Datei
Quelle:	C:\Users\***\AppData\Local\Temp\tmp7568a5f8\vv1303.exe
Status:	Infiziert
Quarantäne-Objekt:	594f8603.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.14
Virendefinitionsdatei:	7.11.64.226
Meldung:	TR/Spy.Bebloh.EB.100
Datum/Uhrzeit:	14.03.2013, 01:22
         
Zudem hier die Logfiles:
Aber GMER funktioniert bei mir nicht.
Es kam nach einer Zeit folgende Benachrichtigung:
gmer_2.1.19155.exe funktioniert nicht mehr

Das Programm wird aufgrund eines Problems nicht richtig ausgeführt.
Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.

Hier nun defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 04:53 on 15/03/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
OTL logfile created on: 3/15/2013 4:56:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.96 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 59.27% Memory free
5.92 Gb Paging File | 4.34 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 106.39 Gb Total Space | 7.56 Gb Free Space | 7.10% Space Free | Partition Type: NTFS
Drive D: | 106.39 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name:***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/15 04:54:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013/02/08 14:55:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013/02/06 11:54:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/02/06 11:53:46 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/02/06 11:53:46 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/05/06 07:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/12/17 06:34:08 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/03/13 06:01:50 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/06 11:54:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/06 11:53:46 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/04 19:17:42 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/11 19:34:30 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/12/11 19:34:30 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/11/16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/07/30 12:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/07/30 12:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/01 01:25:14 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/03/31 01:35:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/12/14 21:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/13 03:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 14:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/08/09 10:25:19 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {72a0f495-ba60-4524-827b-b36b8c18587a} - C:\Program Files (x86)\WhiteSmoke_US_New_E1\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\***\Desktop\Desp. Houswives
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {72a0f495-ba60-4524-827b-b36b8c18587a} - C:\Program Files (x86)\WhiteSmoke_US_New_E1\prxtbWhit.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5D2564B4-BA8D-44DE-9CA2-11702F25A82A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=39BA7493-0E43-4E9B-82B4-D2AD316F6A87&apn_sauid=5DFF952A-A4D7-4BA5-A139-514F9C3B650E
IE - HKCU\..\SearchScopes\{6089E4E5-E6DF-4CC7-9174-1D523B95B31E}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http-proxy.fu-berlin.de:80
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/26 19:46:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/26 19:46:30 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Netviewer Support) - {4BE8B65B-EE14-40C1-B6BB-31E494FE6EBA} - C:\PROGRA~2\NETVIE~1\Support\Plugin\IEPLUG~1\NVIEPL~1.DLL (Netviewer AG)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WhiteSmoke US New E1 Toolbar) - {72a0f495-ba60-4524-827b-b36b8c18587a} - C:\Program Files (x86)\WhiteSmoke_US_New_E1\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke US New E1 Toolbar) - {72a0f495-ba60-4524-827b-b36b8c18587a} - C:\Program Files (x86)\WhiteSmoke_US_New_E1\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Netviewer Support) - {E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} - C:\PROGRA~2\NETVIE~1\Support\Plugin\IEPLUG~1\NVIEPL~1.DLL (Netviewer AG)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [colodVol] rundll32 ",CreateProcessNotify File not found
O4 - HKCU..\Run: [klwcbbuc] C:\Users\BJRN~1.WER\AppData\Local\Temp\Dpkdxni\kszgvwpbbuc.exe File not found
O4 - HKCU..\Run: [mietn] rundll32.exe  File not found
O4 - HKCU..\Run: [nmaiooei] C:\Users\***\AppData\Local\Temp\Jqrzvupmfd\fnhleooei.exe ()
O4 - HKCU..\Run: [silapi] "C:\Windows\System32\rundll32.exe"  File not found
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [wintv] "C:\Users\***\AppData\Roaming\wintv.exe" -autorun File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.180 195.50.140.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F60E597-EFF3-4BFC-9E7A-92338D17C8C5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FC7120D-BBE0-4850-B828-CF269BAC3849}: DhcpNameServer = 195.50.140.180 195.50.140.114
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{421dc10f-3121-11e2-8048-002454b6e387}\Shell - "" = AutoRun
O33 - MountPoints2\{421dc10f-3121-11e2-8048-002454b6e387}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/15 04:54:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013/03/14 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\123
[2013/03/08 20:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/08 20:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/03/08 20:19:48 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/03/08 20:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/08 20:18:03 | 055,454,464 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Users\***\Desktop\SpybotSD2.exe
[2013/03/08 14:43:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Udyxp
[2013/03/08 14:43:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Cile
[2013/03/08 14:43:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Byubol
[2013/03/08 12:41:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\793F0FAB
[2013/03/08 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Piyrm
[2013/03/08 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hice
[2013/03/08 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dunuaq
[2013/03/08 10:54:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Gizoyr
[2013/03/08 10:54:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Epynf
[2013/03/08 10:54:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dawi
[2013/03/08 10:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ovneiq
[2013/03/08 10:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hize
[2013/03/08 10:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Agnu
[2013/02/25 04:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/02/25 04:17:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\APN
[2013/02/25 04:17:23 | 000,000,000 | ---D | C] -- C:\Firefox
[2013/02/24 22:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/02/24 22:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/15 04:54:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013/03/15 04:53:42 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013/03/15 04:52:46 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013/03/15 04:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/15 04:30:00 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/15 04:30:00 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/15 04:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/15 04:18:42 | 3179,921,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/15 02:20:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/03/14 18:21:54 | 000,002,048 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2013/03/11 06:14:18 | 000,000,302 | ---- | M] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.BAT
[2013/03/10 02:33:07 | 000,089,088 | ---- | M] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.DAT
[2013/03/08 20:19:54 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/08 20:19:12 | 055,454,464 | ---- | M] (Safer-Networking Ltd.                                       ) -- C:\Users\***\Desktop\SpybotSD2.exe
[2013/03/08 13:02:26 | 000,116,448 | ---- | M] () -- C:\Users\***\Documents\svnetbkp_20130308130214.svb
[2013/03/08 12:29:03 | 000,339,936 | ---- | M] () -- C:\Users\***\Desktop\Gesellschaftsvertrag - Bito AG (Berlin).tif
[2013/03/03 21:28:35 | 001,682,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/03 21:28:35 | 000,719,712 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/03 21:28:35 | 000,681,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/03 21:28:35 | 000,154,882 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/03 21:28:35 | 000,131,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/03 21:16:56 | 000,328,972 | ---- | M] () -- C:\Users\***\Desktop\Übungsaufgabe IAS 19 neu.pdf
[2013/02/15 09:23:33 | 000,420,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/03/15 04:53:42 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013/03/15 04:52:46 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013/03/15 02:20:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/03/11 06:14:18 | 000,000,302 | ---- | C] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.BAT
[2013/03/08 20:19:54 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/03/08 20:19:54 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/08 13:02:24 | 000,116,448 | ---- | C] () -- C:\Users\***\Documents\svnetbkp_20130308130214.svb
[2013/03/08 12:41:13 | 000,089,088 | ---- | C] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.DAT
[2013/03/08 12:33:07 | 000,339,936 | ---- | C] () -- C:\Users\***\Desktop\Gesellschaftsvertrag - Bito AG (Berlin).tif
[2013/03/03 21:16:43 | 000,328,972 | ---- | C] () -- C:\Users\***\Desktop\Übungsaufgabe IAS 19 neu.pdf
[2012/06/29 06:26:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_0_00_re.pad
[2012/01/31 20:43:07 | 000,000,343 | ---- | C] () -- C:\Users\***\AppData\Roaming\solr129725125879631490.xml
[2012/01/27 07:55:30 | 000,000,343 | ---- | C] () -- C:\Users\***\AppData\Roaming\solr129721209303326158.xml
[2012/01/19 21:27:23 | 000,000,343 | ---- | C] () -- C:\Users\***\AppData\Roaming\solr129714784434242087.xml
[2012/01/08 15:39:02 | 000,000,343 | ---- | C] () -- C:\Users\***\AppData\Roaming\solr129705071423016200.xml
[2012/01/08 14:44:26 | 000,000,400 | -H-- | C] () -- C:\Windows\br.bin
[2012/01/08 12:46:53 | 001,705,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/15 15:28:41 | 000,000,653 | ---- | C] () -- C:\Users\***\AppData\Roaming\BeckLStTab.ini
[2011/02/15 15:28:41 | 000,000,050 | ---- | C] () -- C:\Users\***\AppData\Roaming\newCOMer.ini
[2010/12/14 09:03:37 | 000,022,419 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Access 97-2003.ADR
[2010/12/14 08:15:20 | 000,021,869 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010/09/28 16:28:24 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/14 01:37:07 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\793F0FAB
[2013/03/08 10:52:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Agnu
[2012/11/22 06:08:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ateswy
[2013/03/08 14:43:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Byubol
[2013/03/08 14:43:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cile
[2013/01/04 19:18:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2013/03/15 04:16:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dawi
[2013/03/15 04:22:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2013/03/08 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dunuaq
[2012/11/23 18:57:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ecmay
[2012/01/15 22:16:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012/08/09 23:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ennozy
[2013/03/08 10:54:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epynf
[2012/08/10 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fyvuod
[2013/03/08 10:54:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gizoyr
[2013/03/10 22:32:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hice
[2013/03/15 04:18:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hize
[2013/01/04 19:16:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013/03/14 01:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ovneiq
[2012/11/23 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Padyot
[2013/03/08 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Piyrm
[2011/12/07 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\sr45iu56u
[2013/03/15 04:16:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Udyxp
[2011/08/28 20:54:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 3/15/2013 4:56:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.96 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 59.27% Memory free
5.92 Gb Paging File | 4.34 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 106.39 Gb Total Space | 7.56 Gb Free Space | 7.10% Space Free | Partition Type: NTFS
Drive D: | 106.39 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062BD1D7-A34E-49D5-A209-97E879C78EE0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1C9CA586-2F2A-4878-801A-C0B6B96B0B7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24009017-B520-45A3-A0B3-4176845401B8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{29448E7D-0576-4C29-A991-D2DF72803B8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2E474B84-E0FF-48E4-BE4F-4DA58F6C82EC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3458F3B1-04F3-4239-994E-F1377C22FA98}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{38AF08A1-C7A9-4905-AD33-0D19CB15D890}" = rport=139 | protocol=6 | dir=out | app=system | 
"{43313ED1-C4D0-4619-AE58-2E880CBB3AE9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{53F058F4-E39E-478F-8160-12116C745705}" = lport=138 | protocol=17 | dir=in | app=system | 
"{54B73F9A-CEE2-49A7-93B9-4D8A454F70BA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5EA531F2-A18C-4815-8636-604B78C9494F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{60F09DC4-904D-47D2-9DAA-79B79F6CDDF4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{74301544-322C-454B-9B9C-B723910C7253}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{756A1D8A-FA96-4C2A-B816-69B791094D7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{89CE4DA6-1B1C-42DA-89D5-DAA05865F7D1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A142E722-6C8A-452A-8E2B-C7387D74115C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AF4E317A-A76D-4AC7-92B0-3B80A8ADBFEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B5B87E0A-4D17-4F9F-8779-9D72FACF2A17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C6DC5009-8EF4-495B-BA00-0FC24446BA36}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9DD39F9-F4A4-410D-9AA0-25CFAC5B75DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CA5BAE1B-31E5-40CE-9DF0-24821D8ACE27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CFDAEFDF-2D17-443B-8BA5-B991B8B0D378}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D890A92C-B506-44EE-8C1B-E4B222DEED4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DC74ED34-EF68-4D74-ADDD-ACBF0E2700B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DDFE3123-12AC-4103-BB2F-7D6CADCDB60D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E4AAB2AE-504A-46AF-88B6-5B19C56FCC39}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ABF6C35-EFB4-4162-912C-E19022359E01}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0B8DDBF3-01FF-4F5A-AEAE-097547AB1894}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{13AC0EED-5920-4416-93A9-337406C40BB2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{169B616B-68F5-4257-ABCC-FD56B3A568F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{17A9C841-E1D5-4F83-A3B7-108605B0E9A6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{19CAA047-240F-4A15-A508-6B86B4D5DF91}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1CC9862E-E424-490A-8BD6-3844DCA2D070}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{1EC79062-EB64-4A10-A018-D1AA7DB07182}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{209EB816-EFF2-4B44-BBC0-93B438FD6AA1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{28279730-AC44-4B15-9207-B65BF1FE68F9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{29A71561-CFEF-492E-B5DC-775BE258C665}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{378D8E66-F2E2-4120-8E8B-7DC087B5FD9E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{3D1F9E75-BD2C-4A2C-979D-82C6012A0BD0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{3ED05266-6040-4931-81ED-5378067A4066}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3EF3987C-8696-44F8-887F-DF3165403524}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{590FDB03-AB8B-4CE2-AD78-48102C266318}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{5D3629D9-D2CF-4961-8A31-04FDFC348BB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{5E65F5D3-436B-4996-9356-E8575EE651A8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{60125A1F-6293-443A-BCA9-48CD6332C657}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{644B55BE-593E-4073-9A2B-108C34B57481}" = protocol=6 | dir=out | app=system | 
"{6A7DB789-52DD-4A65-8679-A1B5D18ADE52}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{6F265F6E-89CA-4F3C-8651-A5EA8239D581}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{75D121F4-A927-47C7-958D-28921826489F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{76F9D73E-210E-41E1-836A-B07132079C36}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7A469460-932B-47F1-86D7-8930A69F9241}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{86EE379D-4AF9-42F4-8F32-48BE8B7B32AD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{872913BE-8320-4FCC-8372-F0D4B7DD3FFE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{8B659CAA-1E4C-437C-B069-B5676C257FF2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{8B8DAD46-2BAC-49A2-AA0B-07C612D4D2A8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{8DA04435-1E38-40C7-99B7-4F1275B41EA9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8E241EDD-944E-42D6-9E99-5A7FCBB464F7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{8E2E7012-CC43-4F12-9805-75FB66238241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{940CBFB6-5AA0-49DD-99D9-14A95E2F86F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{99132787-A2A9-4A78-AFB6-54BFAFE89160}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E596696-D454-4EF3-97B8-C797CECF9E16}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AEB6F621-C45E-49E6-8B81-27E42BC1E773}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B1FB893E-58E8-4795-B762-A89A23292690}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{B40B691C-2E50-40FA-A1B5-36F33FEBC602}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{B71DA961-3261-4B18-8611-3AF00CC6BABC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{BC7EE89E-6578-4330-807A-663A0BA6A021}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{BFEDA17A-121C-44A2-858C-06F126F5E568}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C3F856A4-EAB7-4CB2-B854-396D21D9C478}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{CEFC2E64-1274-41AC-82B7-12EE2163CC91}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{D1834BFD-4DA0-4461-BAD5-C948E69BE925}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{D37C3C76-BEF6-4828-AA36-11F2641C3129}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{D8340636-116F-41FF-A0EB-1C45BF662206}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D89C6770-C261-4EAE-ABDC-8F8E42FFB3D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E70EC1D2-96D8-48CF-9AFD-233BC75AB3DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0FD3D11-CA76-4F6A-A4BB-9AFC71D8A60C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{F375B915-1C09-47EF-BBE4-F23EE76FBC5F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{05AF01FA-D3D9-48B6-96E4-BFBA403E6FB3}C:\users\***\desktop\netviewer_support_free.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\netviewer_support_free.exe | 
"TCP Query User{0D6C873A-E454-4F4F-833E-F4942EBB09EC}C:\users\***\appdata\roaming\fyvuod\taib.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\fyvuod\taib.exe | 
"TCP Query User{1A722806-7A5C-4B32-B630-523C5D015BB2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{22D43D85-E490-4F73-BED4-EE40DF4C6273}C:\users\***\appdata\roaming\hize\qihy.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\hize\qihy.exe | 
"TCP Query User{525591D2-9AE1-4E8D-B955-B2DA2D170A68}C:\program files (x86)\netviewer\support\netviewer_support_free.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netviewer\support\netviewer_support_free.exe | 
"TCP Query User{65F40BBD-E561-4B02-84C5-7936EF1EF39F}C:\users\***\appdata\roaming\ecmay\vyma.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\ecmay\vyma.exe | 
"UDP Query User{2454DDD4-4150-4B7E-B652-35312878EBB8}C:\users\***\desktop\netviewer_support_free.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\netviewer_support_free.exe | 
"UDP Query User{4B736767-C307-4E35-A20C-FDD5D1D98451}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{75432F5B-E653-4CE9-9BF7-502BA718992D}C:\program files (x86)\netviewer\support\netviewer_support_free.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netviewer\support\netviewer_support_free.exe | 
"UDP Query User{8FB65F30-82C1-4DD4-A48D-844C629A3703}C:\users\***\appdata\roaming\ecmay\vyma.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\ecmay\vyma.exe | 
"UDP Query User{9B561C77-F192-4BAB-A168-D1696086D1D4}C:\users\***\appdata\roaming\hize\qihy.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\hize\qihy.exe | 
"UDP Query User{F6F584F9-42FF-49B0-8A04-8EDDF49B22D8}C:\users\***\appdata\roaming\fyvuod\taib.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\fyvuod\taib.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{87BDC315-543E-4E52-914E-B3E25F84C066}" = NWB Datenbank
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F69E6E3-7A08-40A4-AD9C-175ACC4DAE09}" = BeckRecherche 2010
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE75AF6A-22AC-4497-AE20-9FA4F4B10046}" = Netviewer Support
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C38F79EE-1533-4D0F-99E3-CBEE88E2ACDF}" = Lohnsteuer 2011
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"ElsterFormular 13.1.1.8531k" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IsoBuster_is1" = IsoBuster 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Office14.SingleImage" = Microsoft Office Professional 2010
"Ruhe_is1" = Ruhe V 0.09
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"skedTerminSyncOutlook2_is1" = sked TerminSync für MS Outlook 2.0.6
"sv.net" = sv.net
"VLC media player" = VLC media player 1.1.11
"WhiteSmoke_US_New_E1 Toolbar" = WhiteSmoke US New E1 Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 3.0.1.9
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/4/2012 11:25:00 PM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 57713490
 
Error - 6/5/2012 12:16:44 AM | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 6/5/2012 4:20:58 AM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 6/5/2012 1:27:43 PM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/5/2012 1:27:43 PM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15943
 
Error - 6/5/2012 1:27:43 PM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15943
 
Error - 6/5/2012 3:57:11 PM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 6/6/2012 12:39:24 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/6/2012 12:39:25 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7259522
 
Error - 6/6/2012 12:39:25 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7259522
 
[ Spybot - Search and Destroy Events ]
Error - 3/8/2013 4:01:41 PM | Computer Name = *** | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 3/10/2013 3:11:48 PM | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 BrYNSvc erreicht.
 
Error - 3/10/2013 3:11:48 PM | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrYNSvc" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 3/10/2013 3:12:14 PM | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 3/10/2013 3:17:11 PM | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 3/14/2013 11:21:38 PM | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 3/14/2013 11:21:38 PM | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 3/14/2013 11:21:38 PM | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 3/14/2013 11:22:16 PM | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 3/14/2013 11:22:16 PM | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 3/14/2013 11:22:16 PM | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         
Vielen Dank schon jetzt für Eure Bemühungen.

Alt 15.03.2013, 10:42   #2
t'john
/// Helfer-Team
 
vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Standard

vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?





Bitte das Malwarebytes-Logfile posten, das du schon gemacht hast!
(Reiter Logdateien)

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Code:
ATTFilter
:OTL

O4 - HKCU..\Run: [colodVol] rundll32 ",CreateProcessNotify File not found 
O4 - HKCU..\Run: [klwcbbuc] C:\Users\BJRN~1.WER\AppData\Local\Temp\Dpkdxni\kszgvwpbbuc.exe File not found 
O4 - HKCU..\Run: [mietn] rundll32.exe File not found 
O4 - HKCU..\Run: [nmaiooei] C:\Users\***\AppData\Local\Temp\Jqrzvupmfd\fnhleooei.exe () 
[2013/03/08 20:18:03 | 055,454,464 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\***\Desktop\SpybotSD2.exe 
[2013/03/11 06:14:18 | 000,000,302 | ---- | M] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.BAT 
[2013/03/10 02:33:07 | 000,089,088 | ---- | M] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.DAT 
[2013/03/08 12:41:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\793F0FAB 
[2012/06/29 06:26:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_0_00_re.pad 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\***\*.tmp
C:\Users\***\AppData\*.dll
C:\Users\***\AppData\*.exe
C:\Users\***\AppData\Local\Temp\*.exe
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________

__________________

Alt 15.03.2013, 12:14   #3
dvdhero
 
vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Standard

vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?



Moin t'john,

ich finde Deine/Eure Arbeit wahnsinnig beeindruckend.
Danke, dass Ihr alle so bei der Sache seid.

Hier nun das Malwarebytes-Logfile:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.14.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

15.03.2013 02:30:33
mbam-log-2013-03-15 (02-30-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 386177
Laufzeit: 1 Stunde(n), 43 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\***\AppData\Roaming\Hize\qihy.exe (Trojan.Agent.MU) -> 312 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Xiocd (Trojan.Agent.MU) -> Daten: C:\Users\***\AppData\Roaming\Hize\qihy.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\***\AppData\Roaming\Hize\qihy.exe (Trojan.Agent.MU) -> Löschen bei Neustart.
C:\Users\***\AppData\Roaming\Dawi\enlyy.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Udyxp\alnia.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ch8l0.exe.lnk (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Dann OTL:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\colodVol deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\klwcbbuc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mietn deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nmaiooei deleted successfully.
File move failed. C:\Users\***\AppData\Local\Temp\Jqrzvupmfd\fnhleooei.exe scheduled to be moved on reboot.
C:\Users\***\Desktop\SpybotSD2.exe moved successfully.
C:\Users\***\AppData\Roaming\KB00834037.exe.BAT moved successfully.
File C:\Users\***\AppData\Roaming\KB00834037.exe.DAT not found.
C:\Users\***\AppData\Roaming\793F0FAB folder moved successfully.
C:\ProgramData\l_0_00_re.pad moved successfully.
========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47} folder moved successfully.
C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} folder moved successfully.
C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\***\*.tmp not found.
File\Folder C:\Users\***\AppData\*.dll not found.
File\Folder C:\Users\***\AppData\*.exe not found.
C:\Users\***\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe moved successfully.
C:\Users\***\AppData\Local\Temp\_is6DCE.exe moved successfully.
C:\Users\***\AppData\Local\Temp\_isBC7F.exe moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\***\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: ***
->Temp folder emptied: 30442112 bytes
->Temporary Internet Files folder emptied: 428621475 bytes
->Flash cache emptied: 707 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 436309207 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 364406564 bytes
 
Total Files Cleaned = 1,201.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03152013_121155

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\Jqrzvupmfd\fnhleooei.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Malwarebytes Anti-Rootkit:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.15.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]

15.03.2013 12:41:07
mbar-log-2013-03-15 (12-41-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30867
Time elapsed: 17 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Und AdwCleaner:

Code:
ATTFilter
# AdwCleaner v2.114 - Datei am 15/03/2013 um 12:53:21 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\WhiteSmoke_US_New_E1
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\***\AppData\Local\APN
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\TempDir
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\WhiteSmoke_US_New_E1
Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New_E1
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72A0F495-BA60-4524-827B-B36B8C18587A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72A0F495-BA60-4524-827B-B36B8C18587A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3272810
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Schlüssel Gelöscht : HKLM\Software\WhiteSmoke_US_New_E1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{72A0F495-BA60-4524-827B-B36B8C18587A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C5E6F4F-6633-4BA1-84DC-80C3E39E1822}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ACC7C77-3B34-4EE8-9956-4EA1D593F08C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72A0F495-BA60-4524-827B-B36B8C18587A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New_E1 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [7255 octets] - [15/03/2013 12:53:21]

########## EOF - C:\AdwCleaner[S1].txt - [7315 octets] ##########
         
Auch weiterhin vielen Dank.
__________________

Alt 15.03.2013, 12:51   #4
t'john
/// Helfer-Team
 
vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Standard

vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?



Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Mfg, t'john
Das TB unterstützen

Alt 15.03.2013, 13:31   #5
dvdhero
 
vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Standard

vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?



Hey,

leider bekomme ich beim Scan folgende Fehlermeldung:
"avast! Antirootkit funktioniert nicht mehr

Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist."

Ich habe die nächsten Schritte dann erstmal noch nicht gemacht.


Alt 15.03.2013, 19:58   #6
t'john
/// Helfer-Team
 
vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Standard

vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?



Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.



dann ab ESET weitermachen.
__________________
--> vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?

Alt 15.03.2013, 20:16   #7
dvdhero
 
vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Standard

vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?



Hey,

auch weiterhin vielen Dank!

Hier die Auswertung von TDSSKiller:

Code:
ATTFilter
21:10:36.0935 3220  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:10:37.0076 3220  ============================================================
21:10:37.0076 3220  Current date / time: 2013/03/15 21:10:37.0076
21:10:37.0076 3220  SystemInfo:
21:10:37.0076 3220  
21:10:37.0076 3220  OS Version: 6.1.7601 ServicePack: 1.0
21:10:37.0076 3220  Product type: Workstation
21:10:37.0076 3220  ComputerName: ***-PC
21:10:37.0076 3220  UserName: ***
21:10:37.0076 3220  Windows directory: C:\Windows
21:10:37.0076 3220  System windows directory: C:\Windows
21:10:37.0076 3220  Running under WOW64
21:10:37.0076 3220  Processor architecture: Intel x64
21:10:37.0076 3220  Number of processors: 2
21:10:37.0076 3220  Page size: 0x1000
21:10:37.0076 3220  Boot type: Normal boot
21:10:37.0076 3220  ============================================================
21:10:37.0762 3220  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:10:37.0778 3220  ============================================================
21:10:37.0778 3220  \Device\Harddisk0\DR0:
21:10:37.0778 3220  MBR partitions:
21:10:37.0778 3220  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
21:10:37.0778 3220  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0xD4C8800
21:10:37.0778 3220  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFCFB000, BlocksNum 0xD4CA000
21:10:37.0778 3220  ============================================================
21:10:37.0793 3220  C: <-> \Device\Harddisk0\DR0\Partition2
21:10:37.0934 3220  D: <-> \Device\Harddisk0\DR0\Partition3
21:10:37.0934 3220  ============================================================
21:10:37.0934 3220  Initialize success
21:10:37.0934 3220  ============================================================
21:11:30.0371 2832  ============================================================
21:11:30.0371 2832  Scan started
21:11:30.0371 2832  Mode: Manual; SigCheck; TDLFS; 
21:11:30.0371 2832  ============================================================
21:11:31.0401 2832  ================ Scan system memory ========================
21:11:31.0401 2832  System memory - ok
21:11:31.0416 2832  ================ Scan services =============================
21:11:32.0181 2832  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:11:32.0352 2832  1394ohci - ok
21:11:32.0446 2832  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:11:32.0477 2832  ACPI - ok
21:11:32.0539 2832  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:11:32.0602 2832  AcpiPmi - ok
21:11:32.0851 2832  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:11:32.0867 2832  AdobeFlashPlayerUpdateSvc - ok
21:11:32.0929 2832  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:11:32.0976 2832  adp94xx - ok
21:11:33.0054 2832  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:11:33.0085 2832  adpahci - ok
21:11:33.0132 2832  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:11:33.0163 2832  adpu320 - ok
21:11:33.0241 2832  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:11:33.0319 2832  AeLookupSvc - ok
21:11:33.0382 2832  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:11:33.0429 2832  AFD - ok
21:11:33.0507 2832  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:11:33.0538 2832  agp440 - ok
21:11:33.0585 2832  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:11:33.0647 2832  ALG - ok
21:11:33.0725 2832  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:11:33.0741 2832  aliide - ok
21:11:33.0772 2832  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:11:33.0787 2832  amdide - ok
21:11:33.0819 2832  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:11:33.0865 2832  AmdK8 - ok
21:11:33.0928 2832  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:11:33.0975 2832  AmdPPM - ok
21:11:34.0053 2832  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:11:34.0068 2832  amdsata - ok
21:11:34.0115 2832  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:11:34.0131 2832  amdsbs - ok
21:11:34.0146 2832  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:11:34.0162 2832  amdxata - ok
21:11:34.0349 2832  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:11:34.0365 2832  AntiVirSchedulerService - ok
21:11:34.0411 2832  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:11:34.0443 2832  AntiVirService - ok
21:11:34.0489 2832  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:11:34.0552 2832  AppID - ok
21:11:34.0614 2832  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:11:34.0692 2832  AppIDSvc - ok
21:11:34.0739 2832  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:11:34.0786 2832  Appinfo - ok
21:11:34.0895 2832  [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:11:34.0911 2832  Apple Mobile Device - ok
21:11:34.0942 2832  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:11:34.0957 2832  arc - ok
21:11:35.0020 2832  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:11:35.0051 2832  arcsas - ok
21:11:35.0082 2832  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:11:35.0129 2832  AsyncMac - ok
21:11:35.0176 2832  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:11:35.0176 2832  atapi - ok
21:11:35.0254 2832  [ CCA705CDF038D5BC243203CE4416B345 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:11:35.0379 2832  athr - ok
21:11:35.0457 2832  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:11:35.0519 2832  AudioEndpointBuilder - ok
21:11:35.0519 2832  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:11:35.0566 2832  AudioSrv - ok
21:11:35.0613 2832  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:11:35.0628 2832  avgntflt - ok
21:11:35.0659 2832  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:11:35.0675 2832  avipbb - ok
21:11:35.0691 2832  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:11:35.0691 2832  avkmgr - ok
21:11:35.0753 2832  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:11:35.0862 2832  AxInstSV - ok
21:11:35.0925 2832  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:11:35.0987 2832  b06bdrv - ok
21:11:36.0065 2832  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:11:36.0112 2832  b57nd60a - ok
21:11:36.0174 2832  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:11:36.0237 2832  BDESVC - ok
21:11:36.0252 2832  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:11:36.0315 2832  Beep - ok
21:11:36.0424 2832  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:11:36.0486 2832  BFE - ok
21:11:36.0533 2832  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:11:36.0611 2832  BITS - ok
21:11:36.0642 2832  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:11:36.0689 2832  blbdrive - ok
21:11:36.0736 2832  [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:11:36.0767 2832  Bonjour Service - ok
21:11:36.0798 2832  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:11:36.0845 2832  bowser - ok
21:11:36.0861 2832  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:11:36.0954 2832  BrFiltLo - ok
21:11:37.0017 2832  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:11:37.0048 2832  BrFiltUp - ok
21:11:37.0095 2832  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:11:37.0157 2832  Browser - ok
21:11:37.0188 2832  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:11:37.0235 2832  Brserid - ok
21:11:37.0266 2832  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:11:37.0297 2832  BrSerWdm - ok
21:11:37.0344 2832  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:11:37.0360 2832  BrUsbMdm - ok
21:11:37.0360 2832  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:11:37.0407 2832  BrUsbSer - ok
21:11:37.0500 2832  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
21:11:37.0516 2832  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
21:11:37.0516 2832  BrYNSvc - detected UnsignedFile.Multi.Generic (1)
21:11:37.0547 2832  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:11:37.0578 2832  BTHMODEM - ok
21:11:37.0625 2832  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:11:37.0703 2832  bthserv - ok
21:11:37.0750 2832  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:11:37.0828 2832  cdfs - ok
21:11:37.0906 2832  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:11:37.0953 2832  cdrom - ok
21:11:37.0999 2832  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:11:38.0046 2832  CertPropSvc - ok
21:11:38.0109 2832  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:11:38.0155 2832  circlass - ok
21:11:38.0218 2832  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:11:38.0233 2832  CLFS - ok
21:11:38.0327 2832  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:11:38.0358 2832  clr_optimization_v2.0.50727_32 - ok
21:11:38.0483 2832  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:11:38.0514 2832  clr_optimization_v2.0.50727_64 - ok
21:11:38.0608 2832  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:11:38.0655 2832  clr_optimization_v4.0.30319_32 - ok
21:11:38.0686 2832  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:11:38.0701 2832  clr_optimization_v4.0.30319_64 - ok
21:11:38.0733 2832  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:11:38.0764 2832  CmBatt - ok
21:11:38.0811 2832  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:11:38.0811 2832  cmdide - ok
21:11:38.0873 2832  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:11:38.0967 2832  CNG - ok
21:11:39.0029 2832  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:11:39.0060 2832  Compbatt - ok
21:11:39.0091 2832  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:11:39.0138 2832  CompositeBus - ok
21:11:39.0169 2832  COMSysApp - ok
21:11:39.0201 2832  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:11:39.0201 2832  crcdisk - ok
21:11:39.0263 2832  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:11:39.0325 2832  CryptSvc - ok
21:11:39.0388 2832  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:11:39.0450 2832  DcomLaunch - ok
21:11:39.0497 2832  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:11:39.0591 2832  defragsvc - ok
21:11:39.0669 2832  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:11:39.0731 2832  DfsC - ok
21:11:39.0778 2832  [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
21:11:39.0793 2832  dg_ssudbus - ok
21:11:39.0840 2832  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:11:39.0918 2832  Dhcp - ok
21:11:39.0981 2832  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:11:40.0059 2832  discache - ok
21:11:40.0105 2832  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:11:40.0121 2832  Disk - ok
21:11:40.0168 2832  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:11:40.0230 2832  Dnscache - ok
21:11:40.0277 2832  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:11:40.0339 2832  dot3svc - ok
21:11:40.0386 2832  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:11:40.0433 2832  Dot4 - ok
21:11:40.0480 2832  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
21:11:40.0527 2832  Dot4Print - ok
21:11:40.0558 2832  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:11:40.0605 2832  dot4usb - ok
21:11:40.0651 2832  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:11:40.0729 2832  DPS - ok
21:11:40.0776 2832  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:11:40.0823 2832  drmkaud - ok
21:11:40.0885 2832  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:11:40.0901 2832  dtsoftbus01 - ok
21:11:40.0995 2832  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:11:41.0057 2832  DXGKrnl - ok
21:11:41.0104 2832  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:11:41.0151 2832  EapHost - ok
21:11:41.0400 2832  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:11:41.0509 2832  ebdrv - ok
21:11:41.0556 2832  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:11:41.0634 2832  EFS - ok
21:11:41.0743 2832  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:11:41.0853 2832  ehRecvr - ok
21:11:41.0899 2832  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:11:41.0977 2832  ehSched - ok
21:11:42.0071 2832  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:11:42.0102 2832  elxstor - ok
21:11:42.0133 2832  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:11:42.0180 2832  ErrDev - ok
21:11:42.0243 2832  [ 438021C3F32F30E227D0F5DFD118B7B1 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
21:11:42.0274 2832  ETD - ok
21:11:42.0336 2832  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:11:42.0399 2832  EventSystem - ok
21:11:42.0414 2832  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:11:42.0477 2832  exfat - ok
21:11:42.0570 2832  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:11:42.0648 2832  fastfat - ok
21:11:42.0726 2832  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:11:42.0804 2832  Fax - ok
21:11:42.0835 2832  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:11:42.0867 2832  fdc - ok
21:11:42.0913 2832  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:11:42.0960 2832  fdPHost - ok
21:11:42.0991 2832  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:11:43.0069 2832  FDResPub - ok
21:11:43.0116 2832  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:11:43.0132 2832  FileInfo - ok
21:11:43.0147 2832  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:11:43.0225 2832  Filetrace - ok
21:11:43.0272 2832  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:11:43.0303 2832  flpydisk - ok
21:11:43.0350 2832  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:11:43.0397 2832  FltMgr - ok
21:11:43.0475 2832  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
21:11:43.0569 2832  FontCache - ok
21:11:43.0725 2832  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:11:43.0740 2832  FontCache3.0.0.0 - ok
21:11:43.0771 2832  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:11:43.0787 2832  FsDepends - ok
21:11:43.0834 2832  [ 53DAB1791917A72738539AD25C4EED7F ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:11:43.0849 2832  fssfltr - ok
21:11:43.0912 2832  [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:11:43.0959 2832  fsssvc - ok
21:11:44.0005 2832  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:11:44.0021 2832  Fs_Rec - ok
21:11:44.0099 2832  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:11:44.0130 2832  fvevol - ok
21:11:44.0193 2832  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:11:44.0224 2832  gagp30kx - ok
21:11:44.0255 2832  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:11:44.0255 2832  GEARAspiWDM - ok
21:11:44.0395 2832  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:11:44.0489 2832  gpsvc - ok
21:11:44.0551 2832  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:11:44.0629 2832  hcw85cir - ok
21:11:44.0692 2832  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:11:44.0754 2832  HdAudAddService - ok
21:11:44.0785 2832  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:11:44.0817 2832  HDAudBus - ok
21:11:44.0863 2832  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:11:44.0895 2832  HidBatt - ok
21:11:44.0973 2832  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:11:45.0051 2832  HidBth - ok
21:11:45.0113 2832  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:11:45.0129 2832  HidIr - ok
21:11:45.0191 2832  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:11:45.0285 2832  hidserv - ok
21:11:45.0347 2832  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:11:45.0378 2832  HidUsb - ok
21:11:45.0425 2832  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:11:45.0472 2832  hkmsvc - ok
21:11:45.0550 2832  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:11:45.0628 2832  HomeGroupListener - ok
21:11:45.0690 2832  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:11:45.0753 2832  HomeGroupProvider - ok
21:11:46.0221 2832  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:11:46.0751 2832  hpqcxs08 - ok
21:11:46.0813 2832  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:11:46.0829 2832  hpqddsvc - ok
21:11:46.0891 2832  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:11:46.0907 2832  HpSAMD - ok
21:11:47.0157 2832  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:11:47.0250 2832  HTTP - ok
21:11:47.0328 2832  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:11:47.0344 2832  hwpolicy - ok
21:11:47.0391 2832  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:11:47.0422 2832  i8042prt - ok
21:11:47.0593 2832  [ BE7D72FCF442C26975942007E0831241 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:11:47.0609 2832  iaStor - ok
21:11:47.0687 2832  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:11:47.0718 2832  iaStorV - ok
21:11:47.0890 2832  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:11:47.0952 2832  idsvc - ok
21:11:49.0138 2832  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:11:49.0481 2832  igfx - ok
21:11:49.0528 2832  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:11:49.0559 2832  iirsp - ok
21:11:49.0809 2832  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:11:49.0887 2832  IKEEXT - ok
21:11:50.0292 2832  [ 801946CE25DD2179FE68599826B0BB88 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:11:50.0401 2832  IntcAzAudAddService - ok
21:11:50.0464 2832  [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
21:11:50.0495 2832  IntcHdmiAddService - ok
21:11:50.0526 2832  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:11:50.0542 2832  intelide - ok
21:11:50.0589 2832  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:11:50.0635 2832  intelppm - ok
21:11:50.0682 2832  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:11:50.0760 2832  IPBusEnum - ok
21:11:50.0823 2832  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:11:50.0901 2832  IpFilterDriver - ok
21:11:51.0088 2832  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:11:51.0150 2832  iphlpsvc - ok
21:11:51.0197 2832  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:11:51.0259 2832  IPMIDRV - ok
21:11:51.0291 2832  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:11:51.0369 2832  IPNAT - ok
21:11:51.0665 2832  [ 3D62FE4FEFE9C67DAFEC52B534DFA1FB ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:11:51.0727 2832  iPod Service - ok
21:11:51.0759 2832  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:11:51.0805 2832  IRENUM - ok
21:11:51.0837 2832  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:11:51.0852 2832  isapnp - ok
21:11:51.0946 2832  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:11:51.0977 2832  iScsiPrt - ok
21:11:52.0008 2832  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:11:52.0024 2832  kbdclass - ok
21:11:52.0055 2832  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:11:52.0102 2832  kbdhid - ok
21:11:52.0117 2832  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:11:52.0133 2832  KeyIso - ok
21:11:52.0211 2832  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:11:52.0227 2832  KSecDD - ok
21:11:52.0336 2832  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:11:52.0367 2832  KSecPkg - ok
21:11:52.0429 2832  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:11:52.0507 2832  ksthunk - ok
21:11:52.0632 2832  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:11:52.0741 2832  KtmRm - ok
21:11:52.0819 2832  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:11:52.0897 2832  LanmanServer - ok
21:11:52.0960 2832  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:11:53.0007 2832  LanmanWorkstation - ok
21:11:53.0053 2832  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:11:53.0131 2832  lltdio - ok
21:11:53.0225 2832  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:11:53.0303 2832  lltdsvc - ok
21:11:53.0319 2832  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:11:53.0365 2832  lmhosts - ok
21:11:53.0412 2832  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:11:53.0443 2832  LSI_FC - ok
21:11:53.0475 2832  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:11:53.0490 2832  LSI_SAS - ok
21:11:53.0506 2832  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:11:53.0521 2832  LSI_SAS2 - ok
21:11:53.0537 2832  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:11:53.0553 2832  LSI_SCSI - ok
21:11:53.0599 2832  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:11:53.0677 2832  luafv - ok
21:11:53.0740 2832  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:11:53.0771 2832  Mcx2Svc - ok
21:11:53.0787 2832  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:11:53.0802 2832  megasas - ok
21:11:53.0833 2832  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:11:53.0849 2832  MegaSR - ok
21:11:53.0896 2832  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:11:53.0989 2832  MMCSS - ok
21:11:54.0005 2832  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:11:54.0099 2832  Modem - ok
21:11:54.0145 2832  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:11:54.0177 2832  monitor - ok
21:11:54.0239 2832  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:11:54.0255 2832  mouclass - ok
21:11:54.0286 2832  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:11:54.0317 2832  mouhid - ok
21:11:54.0348 2832  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:11:54.0364 2832  mountmgr - ok
21:11:54.0442 2832  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:11:54.0473 2832  mpio - ok
21:11:54.0504 2832  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:11:54.0551 2832  mpsdrv - ok
21:11:54.0598 2832  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:11:54.0707 2832  MpsSvc - ok
21:11:54.0785 2832  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:11:54.0847 2832  MRxDAV - ok
21:11:54.0925 2832  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:11:55.0003 2832  mrxsmb - ok
21:11:55.0097 2832  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:11:55.0175 2832  mrxsmb10 - ok
21:11:55.0206 2832  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:11:55.0237 2832  mrxsmb20 - ok
21:11:55.0315 2832  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:11:55.0331 2832  msahci - ok
21:11:55.0362 2832  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:11:55.0378 2832  msdsm - ok
21:11:55.0440 2832  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:11:55.0518 2832  MSDTC - ok
21:11:55.0565 2832  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:11:55.0627 2832  Msfs - ok
21:11:55.0674 2832  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:11:55.0721 2832  mshidkmdf - ok
21:11:55.0752 2832  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:11:55.0768 2832  msisadrv - ok
21:11:55.0799 2832  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:11:55.0861 2832  MSiSCSI - ok
21:11:55.0861 2832  msiserver - ok
21:11:55.0908 2832  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:11:55.0971 2832  MSKSSRV - ok
21:11:55.0986 2832  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:11:56.0049 2832  MSPCLOCK - ok
21:11:56.0064 2832  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:11:56.0127 2832  MSPQM - ok
21:11:56.0220 2832  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:11:56.0251 2832  MsRPC - ok
21:11:56.0345 2832  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:11:56.0361 2832  mssmbios - ok
21:11:56.0548 2832  MSSQL$RECHERCHE2009 - ok
21:11:56.0704 2832  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
21:11:56.0735 2832  MSSQLServerADHelper100 - ok
21:11:56.0797 2832  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:11:56.0860 2832  MSTEE - ok
21:11:56.0875 2832  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:11:56.0907 2832  MTConfig - ok
21:11:56.0938 2832  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:11:56.0953 2832  Mup - ok
21:11:57.0156 2832  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:11:57.0219 2832  napagent - ok
21:11:57.0281 2832  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:11:57.0328 2832  NativeWifiP - ok
21:11:57.0655 2832  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:11:57.0702 2832  NDIS - ok
21:11:57.0733 2832  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:11:57.0811 2832  NdisCap - ok
21:11:57.0858 2832  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:11:57.0889 2832  NdisTapi - ok
21:11:57.0952 2832  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:11:58.0030 2832  Ndisuio - ok
21:11:58.0108 2832  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:11:58.0186 2832  NdisWan - ok
21:11:58.0279 2832  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:11:58.0373 2832  NDProxy - ok
21:11:58.0420 2832  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:11:58.0435 2832  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:11:58.0435 2832  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:11:58.0498 2832  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:11:58.0560 2832  NetBIOS - ok
21:11:58.0669 2832  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:11:58.0716 2832  NetBT - ok
21:11:58.0747 2832  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:11:58.0763 2832  Netlogon - ok
21:11:58.0810 2832  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:11:58.0841 2832  Netman - ok
21:11:58.0857 2832  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:11:58.0919 2832  netprofm - ok
21:11:59.0013 2832  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:11:59.0044 2832  NetTcpPortSharing - ok
21:11:59.0091 2832  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:11:59.0106 2832  nfrd960 - ok
21:11:59.0153 2832  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:11:59.0184 2832  NlaSvc - ok
21:11:59.0215 2832  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:11:59.0247 2832  Npfs - ok
21:11:59.0293 2832  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:11:59.0340 2832  nsi - ok
21:11:59.0371 2832  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:11:59.0449 2832  nsiproxy - ok
21:11:59.0793 2832  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:11:59.0871 2832  Ntfs - ok
21:11:59.0964 2832  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:12:00.0027 2832  Null - ok
21:12:00.0089 2832  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:12:00.0105 2832  nvraid - ok
21:12:00.0151 2832  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:12:00.0183 2832  nvstor - ok
21:12:00.0214 2832  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:12:00.0229 2832  nv_agp - ok
21:12:00.0261 2832  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:12:00.0292 2832  ohci1394 - ok
21:12:00.0370 2832  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:12:00.0385 2832  ose - ok
21:12:01.0805 2832  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:12:02.0023 2832  osppsvc - ok
21:12:02.0117 2832  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:12:02.0195 2832  p2pimsvc - ok
21:12:02.0382 2832  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:12:02.0413 2832  p2psvc - ok
21:12:02.0476 2832  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:12:02.0523 2832  Parport - ok
21:12:02.0585 2832  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:12:02.0601 2832  partmgr - ok
21:12:02.0632 2832  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:12:02.0679 2832  PcaSvc - ok
21:12:02.0694 2832  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:12:02.0710 2832  pci - ok
21:12:02.0772 2832  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:12:02.0788 2832  pciide - ok
21:12:02.0866 2832  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:12:02.0897 2832  pcmcia - ok
21:12:02.0913 2832  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:12:02.0913 2832  pcw - ok
21:12:02.0944 2832  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:12:02.0991 2832  PEAUTH - ok
21:12:03.0942 2832  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:12:04.0005 2832  PerfHost - ok
21:12:04.0270 2832  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:12:04.0410 2832  pla - ok
21:12:04.0457 2832  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:12:04.0519 2832  PlugPlay - ok
21:12:04.0597 2832  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:12:04.0629 2832  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:12:04.0629 2832  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:12:04.0660 2832  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:12:04.0722 2832  PNRPAutoReg - ok
21:12:04.0816 2832  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:12:04.0847 2832  PNRPsvc - ok
21:12:04.0909 2832  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:12:04.0987 2832  PolicyAgent - ok
21:12:05.0050 2832  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:12:05.0128 2832  Power - ok
21:12:05.0190 2832  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:12:05.0237 2832  PptpMiniport - ok
21:12:05.0299 2832  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:12:05.0346 2832  Processor - ok
21:12:05.0424 2832  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:12:05.0487 2832  ProfSvc - ok
21:12:05.0502 2832  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:12:05.0518 2832  ProtectedStorage - ok
21:12:05.0580 2832  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:12:05.0658 2832  Psched - ok
21:12:05.0955 2832  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:12:06.0001 2832  ql2300 - ok
21:12:06.0048 2832  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:12:06.0079 2832  ql40xx - ok
21:12:06.0111 2832  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:12:06.0173 2832  QWAVE - ok
21:12:06.0189 2832  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:12:06.0251 2832  QWAVEdrv - ok
21:12:06.0267 2832  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:12:06.0313 2832  RasAcd - ok
21:12:06.0360 2832  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:12:06.0423 2832  RasAgileVpn - ok
21:12:06.0469 2832  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:12:06.0547 2832  RasAuto - ok
21:12:06.0594 2832  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:12:06.0657 2832  Rasl2tp - ok
21:12:06.0719 2832  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:12:06.0766 2832  RasMan - ok
21:12:06.0797 2832  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:12:06.0859 2832  RasPppoe - ok
21:12:06.0875 2832  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:12:06.0922 2832  RasSstp - ok
21:12:06.0984 2832  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:12:07.0062 2832  rdbss - ok
21:12:07.0078 2832  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:12:07.0109 2832  rdpbus - ok
21:12:07.0140 2832  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:12:07.0187 2832  RDPCDD - ok
21:12:07.0249 2832  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:12:07.0296 2832  RDPENCDD - ok
21:12:07.0327 2832  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:12:07.0374 2832  RDPREFMP - ok
21:12:07.0421 2832  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:12:07.0483 2832  RDPWD - ok
21:12:07.0546 2832  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:12:07.0577 2832  rdyboost - ok
21:12:07.0624 2832  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:12:07.0686 2832  RemoteAccess - ok
21:12:07.0717 2832  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:12:07.0749 2832  RemoteRegistry - ok
21:12:07.0842 2832  [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
21:12:07.0858 2832  RichVideo - ok
21:12:07.0905 2832  [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
21:12:07.0936 2832  RMCAST - ok
21:12:07.0983 2832  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:12:08.0076 2832  RpcEptMapper - ok
21:12:08.0123 2832  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:12:08.0185 2832  RpcLocator - ok
21:12:08.0263 2832  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:12:08.0326 2832  RpcSs - ok
21:12:08.0404 2832  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:12:08.0466 2832  rspndr - ok
21:12:08.0497 2832  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:12:08.0529 2832  RTL8167 - ok
21:12:08.0622 2832  [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport          C:\Windows\SysWOW64\drivers\rtport.sys
21:12:08.0638 2832  rtport - ok
21:12:08.0669 2832  [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI            C:\Windows\system32\Drivers\SABI.sys
21:12:08.0685 2832  SABI - ok
21:12:08.0685 2832  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:12:08.0700 2832  SamSs - ok
21:12:08.0763 2832  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:12:08.0778 2832  sbp2port - ok
21:12:08.0825 2832  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:12:08.0872 2832  SCardSvr - ok
21:12:08.0919 2832  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:12:09.0012 2832  scfilter - ok
21:12:09.0340 2832  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:12:09.0402 2832  Schedule - ok
21:12:09.0433 2832  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:12:09.0480 2832  SCPolicySvc - ok
21:12:09.0589 2832  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:12:09.0652 2832  SDRSVC - ok
21:12:09.0808 2832  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
21:12:09.0855 2832  SDScannerService - ok
21:12:09.0933 2832  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
21:12:09.0979 2832  SDUpdateService - ok
21:12:10.0011 2832  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
21:12:10.0042 2832  SDWSCService - ok
21:12:10.0089 2832  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:12:10.0151 2832  secdrv - ok
21:12:10.0229 2832  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:12:10.0276 2832  seclogon - ok
21:12:10.0323 2832  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:12:10.0385 2832  SENS - ok
21:12:10.0416 2832  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:12:10.0463 2832  SensrSvc - ok
21:12:10.0510 2832  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:12:10.0557 2832  Serenum - ok
21:12:10.0572 2832  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:12:10.0619 2832  Serial - ok
21:12:10.0635 2832  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:12:10.0666 2832  sermouse - ok
21:12:10.0728 2832  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:12:10.0806 2832  SessionEnv - ok
21:12:10.0837 2832  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:12:10.0884 2832  sffdisk - ok
21:12:10.0915 2832  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:12:10.0947 2832  sffp_mmc - ok
21:12:10.0978 2832  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:12:11.0009 2832  sffp_sd - ok
21:12:11.0040 2832  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:12:11.0056 2832  sfloppy - ok
21:12:11.0071 2832  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:12:11.0134 2832  SharedAccess - ok
21:12:11.0321 2832  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:12:11.0399 2832  ShellHWDetection - ok
21:12:11.0430 2832  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:12:11.0430 2832  SiSRaid2 - ok
21:12:11.0477 2832  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:12:11.0493 2832  SiSRaid4 - ok
21:12:11.0571 2832  [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:12:11.0633 2832  SkypeUpdate - ok
21:12:11.0680 2832  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:12:11.0711 2832  Smb - ok
21:12:11.0789 2832  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:12:11.0836 2832  SNMPTRAP - ok
21:12:11.0867 2832  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:12:11.0883 2832  spldr - ok
21:12:11.0914 2832  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:12:11.0945 2832  Spooler - ok
21:12:12.0413 2832  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:12:12.0553 2832  sppsvc - ok
21:12:12.0616 2832  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:12:12.0663 2832  sppuinotify - ok
21:12:12.0741 2832  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$RECHERCHE2009 c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.RECHERCHE2009\MSSQL\Binn\SQLAGENT.EXE
21:12:12.0787 2832  SQLAgent$RECHERCHE2009 - ok
21:12:12.0897 2832  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:12:12.0912 2832  SQLBrowser - ok
21:12:13.0037 2832  [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:12:13.0068 2832  SQLWriter - ok
21:12:13.0193 2832  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:12:13.0240 2832  srv - ok
21:12:13.0287 2832  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:12:13.0333 2832  srv2 - ok
21:12:13.0365 2832  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:12:13.0380 2832  srvnet - ok
21:12:13.0458 2832  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:12:13.0536 2832  SSDPSRV - ok
21:12:13.0567 2832  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:12:13.0614 2832  SstpSvc - ok
21:12:13.0677 2832  [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
21:12:13.0692 2832  ssudmdm - ok
21:12:13.0723 2832  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:12:13.0723 2832  stexstor - ok
21:12:13.0770 2832  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:12:13.0833 2832  stisvc - ok
21:12:13.0864 2832  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:12:13.0879 2832  swenum - ok
21:12:13.0911 2832  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:12:13.0973 2832  swprv - ok
21:12:14.0160 2832  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:12:14.0254 2832  SysMain - ok
21:12:14.0301 2832  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:12:14.0332 2832  TabletInputService - ok
21:12:14.0410 2832  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:12:14.0472 2832  TapiSrv - ok
21:12:14.0503 2832  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:12:14.0581 2832  TBS - ok
21:12:14.0831 2832  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:12:14.0909 2832  Tcpip - ok
21:12:14.0971 2832  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:12:15.0018 2832  TCPIP6 - ok
21:12:15.0065 2832  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:12:15.0096 2832  tcpipreg - ok
21:12:15.0143 2832  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:12:15.0205 2832  TDPIPE - ok
21:12:15.0252 2832  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:12:15.0283 2832  TDTCP - ok
21:12:15.0330 2832  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:12:15.0361 2832  tdx - ok
21:12:15.0408 2832  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:12:15.0424 2832  TermDD - ok
21:12:15.0471 2832  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:12:15.0549 2832  TermService - ok
21:12:15.0595 2832  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:12:15.0642 2832  Themes - ok
21:12:15.0673 2832  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:12:15.0705 2832  THREADORDER - ok
21:12:15.0751 2832  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:12:15.0798 2832  TrkWks - ok
21:12:15.0907 2832  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:12:15.0970 2832  TrustedInstaller - ok
21:12:16.0032 2832  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:12:16.0079 2832  tssecsrv - ok
21:12:16.0141 2832  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:12:16.0173 2832  TsUsbFlt - ok
21:12:16.0251 2832  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:12:16.0329 2832  tunnel - ok
21:12:16.0360 2832  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:12:16.0375 2832  uagp35 - ok
21:12:16.0469 2832  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:12:16.0547 2832  udfs - ok
21:12:16.0625 2832  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:12:16.0656 2832  UI0Detect - ok
21:12:16.0687 2832  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:12:16.0687 2832  uliagpkx - ok
21:12:16.0765 2832  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
21:12:16.0812 2832  umbus - ok
21:12:16.0843 2832  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:12:16.0875 2832  UmPass - ok
21:12:16.0921 2832  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:12:16.0999 2832  upnphost - ok
21:12:17.0046 2832  [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
21:12:17.0109 2832  USBAAPL64 - ok
21:12:17.0171 2832  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:12:17.0233 2832  usbccgp - ok
21:12:17.0296 2832  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:12:17.0311 2832  usbcir - ok
21:12:17.0374 2832  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:12:17.0421 2832  usbehci - ok
21:12:17.0483 2832  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:12:17.0514 2832  usbhub - ok
21:12:17.0545 2832  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:12:17.0577 2832  usbohci - ok
21:12:17.0639 2832  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:12:17.0670 2832  usbprint - ok
21:12:17.0733 2832  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:12:17.0779 2832  usbscan - ok
21:12:17.0811 2832  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:12:17.0873 2832  USBSTOR - ok
21:12:17.0904 2832  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:12:17.0951 2832  usbuhci - ok
21:12:18.0013 2832  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:12:18.0076 2832  usbvideo - ok
21:12:18.0107 2832  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:12:18.0201 2832  UxSms - ok
21:12:18.0216 2832  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:12:18.0232 2832  VaultSvc - ok
21:12:18.0279 2832  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:12:18.0294 2832  vdrvroot - ok
21:12:18.0357 2832  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:12:18.0450 2832  vds - ok
21:12:18.0497 2832  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:12:18.0528 2832  vga - ok
21:12:18.0544 2832  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:12:18.0591 2832  VgaSave - ok
21:12:18.0684 2832  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:12:18.0700 2832  vhdmp - ok
21:12:18.0747 2832  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:12:18.0747 2832  viaide - ok
21:12:18.0762 2832  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:12:18.0778 2832  volmgr - ok
21:12:18.0825 2832  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:12:18.0856 2832  volmgrx - ok
21:12:18.0903 2832  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:12:18.0934 2832  volsnap - ok
21:12:18.0965 2832  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:12:18.0981 2832  vsmraid - ok
21:12:19.0090 2832  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:12:19.0199 2832  VSS - ok
21:12:19.0246 2832  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:12:19.0261 2832  vwifibus - ok
21:12:19.0293 2832  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:12:19.0355 2832  vwififlt - ok
21:12:19.0480 2832  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:12:19.0573 2832  W32Time - ok
21:12:19.0605 2832  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:12:19.0651 2832  WacomPen - ok
21:12:19.0714 2832  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:12:19.0776 2832  WANARP - ok
21:12:19.0807 2832  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:12:19.0839 2832  Wanarpv6 - ok
21:12:20.0041 2832  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:12:20.0135 2832  WatAdminSvc - ok
21:12:20.0307 2832  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:12:20.0416 2832  wbengine - ok
21:12:20.0463 2832  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:12:20.0525 2832  WbioSrvc - ok
21:12:20.0650 2832  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:12:20.0712 2832  wcncsvc - ok
21:12:20.0728 2832  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:12:20.0806 2832  WcsPlugInService - ok
21:12:20.0821 2832  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:12:20.0853 2832  Wd - ok
21:12:20.0899 2832  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:12:20.0931 2832  Wdf01000 - ok
21:12:20.0993 2832  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:12:21.0102 2832  WdiServiceHost - ok
21:12:21.0102 2832  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:12:21.0118 2832  WdiSystemHost - ok
21:12:21.0211 2832  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:12:21.0243 2832  WebClient - ok
21:12:21.0289 2832  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:12:21.0321 2832  Wecsvc - ok
21:12:21.0352 2832  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:12:21.0383 2832  wercplsupport - ok
21:12:21.0414 2832  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:12:21.0461 2832  WerSvc - ok
21:12:21.0508 2832  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:12:21.0539 2832  WfpLwf - ok
21:12:21.0570 2832  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:12:21.0570 2832  WIMMount - ok
21:12:21.0617 2832  WinDefend - ok
21:12:21.0633 2832  WinHttpAutoProxySvc - ok
21:12:22.0163 2832  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:12:22.0241 2832  Winmgmt - ok
21:12:22.0428 2832  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:12:22.0553 2832  WinRM - ok
21:12:22.0615 2832  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:12:22.0631 2832  WinUsb - ok
21:12:22.0693 2832  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:12:22.0756 2832  Wlansvc - ok
21:12:22.0771 2832  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:12:22.0787 2832  WmiAcpi - ok
21:12:22.0881 2832  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:12:22.0943 2832  wmiApSrv - ok
21:12:22.0990 2832  WMPNetworkSvc - ok
21:12:23.0021 2832  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:12:23.0068 2832  WPCSvc - ok
21:12:23.0115 2832  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:12:23.0161 2832  WPDBusEnum - ok
21:12:23.0208 2832  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:12:23.0286 2832  ws2ifsl - ok
21:12:23.0333 2832  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:12:23.0380 2832  wscsvc - ok
21:12:23.0395 2832  WSearch - ok
21:12:24.0019 2832  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:12:24.0129 2832  wuauserv - ok
21:12:24.0175 2832  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:12:24.0238 2832  WudfPf - ok
21:12:24.0331 2832  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:12:24.0347 2832  WUDFRd - ok
21:12:24.0456 2832  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:12:24.0487 2832  wudfsvc - ok
21:12:24.0519 2832  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:12:24.0565 2832  WwanSvc - ok
21:12:24.0628 2832  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
21:12:24.0675 2832  yukonw7 - ok
21:12:24.0690 2832  ================ Scan global ===============================
21:12:24.0721 2832  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:12:24.0815 2832  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:12:24.0815 2832  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:12:24.0862 2832  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:12:24.0924 2832  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:12:24.0940 2832  [Global] - ok
21:12:24.0940 2832  ================ Scan MBR ==================================
21:12:24.0987 2832  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
21:12:32.0818 2832  \Device\Harddisk0\DR0 - ok
21:12:32.0818 2832  ================ Scan VBR ==================================
21:12:32.0865 2832  [ F6CF56B26CCDDE65043DFD939D1A4EAE ] \Device\Harddisk0\DR0\Partition1
21:12:32.0865 2832  \Device\Harddisk0\DR0\Partition1 - ok
21:12:32.0880 2832  [ F616E7BC9B03AE3F72B44C6FB036320B ] \Device\Harddisk0\DR0\Partition2
21:12:32.0880 2832  \Device\Harddisk0\DR0\Partition2 - ok
21:12:32.0943 2832  [ 56522F189C362C6423FEB1FD4A2028E3 ] \Device\Harddisk0\DR0\Partition3
21:12:32.0943 2832  \Device\Harddisk0\DR0\Partition3 - ok
21:12:32.0943 2832  ============================================================
21:12:32.0943 2832  Scan finished
21:12:32.0943 2832  ============================================================
21:12:32.0958 4560  Detected object count: 3
21:12:32.0958 4560  Actual detected object count: 3
21:13:19.0499 4560  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:19.0499 4560  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:13:19.0499 4560  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:19.0499 4560  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:13:19.0499 4560  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:19.0499 4560  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:13:24.0741 1248  Deinitialize success
         
Hier die Auswertung vom ESET Online Scanner:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ba4a84ec9d3b4040b623d8ec023e4308
# engine=13399
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-15 10:27:31
# local_time=2013-03-15 11:27:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 228809741 31889 0
# compatibility_mode=5893 16776573 100 94 0 115016301 0 0
# scanned=164558
# found=1
# cleaned=0
# scan_time=7639
sh=911CAE8018587D0E146EE841094A73B31BAB55F8 ft=1 fh=cac2002dad6c9924 vn="a variant of Win32/Injector.AEAE trojan" ac=I fn="C:\_OTL\MovedFiles\03152013_121155\C_Users\***\AppData\Local\Temp\Jqrzvupmfd\fnhleooei.exe"
         
Und nun noch SecurityCheck:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.59  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 16.03.2013, 08:10   #8
t'john
/// Helfer-Team
 
vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Standard

vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?



Aktualisiere:

Adobe Reader: Adobe Reader - Download - Filepony (Alternativen: PDF Tools)




Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 16.03.2013, 08:27   #9
dvdhero
 
vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Standard

vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?



Guten Morgen,

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.



Internet Explorer 9.0 ist aktuell

Flash (11,6,602,180) ist aktuell.
Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader 11,0,0,0 ist aktuell.

Alt 17.03.2013, 09:14   #10
t'john
/// Helfer-Team
 
vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Standard

vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?



Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.



Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.04.2013, 18:29   #11
t'john
/// Helfer-Team
 
vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Standard

vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?
application/pdf:, avg, avira, battle.net, bonjour, browser, firefox, flash player, iexplore.exe, install.exe, installation, programm, realtek, registry, rundll, safer networking, security, software, svchost.exe, tr/graftor.72688, tr/kazy.153787.2, tr/spy.bebloh.eb.100, tracker, trojan.agent, trojan.agent.mu, trojan.ransom.ed, trojan.ransom.gen



Ähnliche Themen: vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?


  1. gefälschte Rechnung von Vodaphone mit falschem Link zur angeblichen .pdf-Rechnung
    Plagegeister aller Art und deren Bekämpfung - 18.12.2014 (9)
  2. Virus? Vermehrte Meldungen, SQL, clipz, https seiten
    Plagegeister aller Art und deren Bekämpfung - 22.10.2014 (3)
  3. Windows 7: Vermehrte Werbung/Popups und Flash Aktualisierungsaufforderung in Chrome; Rechner generell verlangsamt
    Log-Analyse und Auswertung - 05.10.2014 (13)
  4. Leider auch Vodafone Rechnung Trojaner erwischt TR/Cridex.A.199, TR/Spy.ZBot.xgxi, Worm/Cridex.E.560
    Log-Analyse und Auswertung - 03.02.2014 (13)
  5. Gefälschte Telekom Rechnung erhalten und auf Download Link geklickt - wahrscheinlich Trojaner
    Plagegeister aller Art und deren Bekämpfung - 03.02.2014 (14)
  6. Computer arbeitet verlangsamt, Malwarebytes findet 3 infizierte Dateien, vermehrte Popups
    Log-Analyse und Auswertung - 15.10.2013 (9)
  7. Ist "rechnung.scr" auch eine Gefahr für Android?
    Plagegeister aller Art und deren Bekämpfung - 16.05.2013 (3)
  8. Probleme wegen Trojaner durch Groupon-Rechnung
    Plagegeister aller Art und deren Bekämpfung - 03.04.2013 (12)
  9. Trojaner-Befall meines Laptops nach Groupon-Rechnung
    Plagegeister aller Art und deren Bekämpfung - 03.04.2013 (4)
  10. Trojaner- Warnung nach" groupon- Rechnung"
    Plagegeister aller Art und deren Bekämpfung - 16.03.2013 (32)
  11. Groupon Rechnung - versteckte Trojaner
    Log-Analyse und Auswertung - 15.03.2013 (16)
  12. Trojaner: SHeur4.BCWW von fingierter Groupon Rechnung
    Plagegeister aller Art und deren Bekämpfung - 09.03.2013 (11)
  13. PUP.Dealio aus Groupon-Rechnung?
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (1)
  14. Bitte um fachmännische Überprüfung meines Hijack-Logs...vermehrte Programmabstürze, low performance
    Log-Analyse und Auswertung - 14.11.2010 (1)
  15. Virusmeldungen, Pop-Ups, Taksmanager gesperrt...
    Plagegeister aller Art und deren Bekämpfung - 07.02.2010 (13)
  16. auch die 1 und 1 rechnung
    Plagegeister aller Art und deren Bekämpfung - 09.01.2007 (1)
  17. Virusmeldungen
    Plagegeister aller Art und deren Bekämpfung - 21.06.2005 (2)

Zum Thema vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? - Moin liebe Experten, ich bin auch auf die Mail von "Groupon" reingefallen. Jetzt bekomme ich oft Virusmeldungen durch mein Virenscanner (AntiVir). Leider bin ich damit etwas überfordert. Vielleicht könnt Ihr - vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?...
Archiv
Du betrachtest: vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.