
Pests of all kinds and how to fight them: Trojan horse "zeus2" on my computer

04.07.2013, 12:06   #1
Connemara
 



Hello,

yesterday I received a letter from my bank saying that my online banking access has been blocked because the online banking was accessed from a computer on which the Trojan horse "zeus2" is installed.

I have not noticed any symptoms myself and have not done anything about it yet.

I would be very grateful for any help!

Regards, Connemara

04.07.2013, 12:12   #2
markusg
/// Malware-holic
 



hi,

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

04.07.2013, 12:50   #3
Connemara
 



OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 04.07.2013 13:37:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hanna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,81% Memory free
6,08 Gb Paging File | 4,44 Gb Available in Paging File | 72,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 194,84 Gb Free Space | 67,63% Space Free | Partition Type: NTFS
 
Computer Name: HANNA-PC | User Name: Hanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.04 13:36:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hanna\Desktop\OTL.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.16 02:33:51 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2010.09.07 21:10:54 | 000,604,416 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2010.07.05 17:12:00 | 000,544,768 | ---- | M] (Oberon Media ) -- C:\Program Files\GamesBar\SearchEngineProtection.exe
PRC - [2010.03.22 17:19:11 | 001,540,096 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\netzmanager.exe
PRC - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2009.11.11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2009.07.06 19:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.27 12:33:18 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.11 12:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.16 02:34:12 | 003,067,288 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.06.30 19:23:05 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.06.30 19:21:14 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
MOD - [2011.06.30 19:21:11 | 002,345,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
MOD - [2011.06.30 19:21:06 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
MOD - [2011.06.30 19:21:04 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
MOD - [2011.06.30 19:20:18 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.06.30 19:19:59 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2011.06.30 19:19:58 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2011.06.30 19:19:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.06.30 19:06:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.30 19:06:05 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.30 19:05:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.30 19:04:15 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011.06.30 19:04:13 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011.06.30 19:03:30 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011.06.30 19:02:56 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011.06.30 19:02:30 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.28 13:39:54 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.07.27 20:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008.07.27 20:03:09 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2008.07.04 04:02:58 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2008.07.04 04:02:58 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2008.04.04 03:00:58 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.12 13:25:01 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.16 02:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.09.07 21:10:54 | 000,604,416 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.09.07 21:10:48 | 000,361,216 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.04.27 14:21:36 | 000,028,928 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.06.11 12:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\zpnnlqgu.sys -- (zpnnlqgu)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\zhhohjdn.sys -- (zhhohjdn)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ycqhnloq.sys -- (ycqhnloq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\xvysrriv.sys -- (xvysrriv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wpmqlqgd.sys -- (wpmqlqgd)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wpddpvvm.sys -- (wpddpvvm)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wikoztsj.sys -- (wikoztsj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\whqdilhl.sys -- (whqdilhl)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wgriqhda.sys -- (wgriqhda)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wduvamgn.sys -- (wduvamgn)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vlqoefga.sys -- (vlqoefga)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vildfska.sys -- (vildfska)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vhmlfgnv.sys -- (vhmlfgnv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vewtcbpb.sys -- (vewtcbpb)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ujaqhsqy.sys -- (ujaqhsqy)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uepbqtfa.sys -- (uepbqtfa)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\szfeofbd.sys -- (szfeofbd)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\sukifpdx.sys -- (sukifpdx)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\smdnbrfu.sys -- (smdnbrfu)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\sejafszk.sys -- (sejafszk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\sdyslqfg.sys -- (sdyslqfg)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\saeacjqj.sys -- (saeacjqj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\rulvxbun.sys -- (rulvxbun)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\rpxapolq.sys -- (rpxapolq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\rhkplgwu.sys -- (rhkplgwu)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\rgxkmttj.sys -- (rgxkmttj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qstzxuhm.sys -- (qstzxuhm)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qpqgvjav.sys -- (qpqgvjav)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qkvropkb.sys -- (qkvropkb)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qikqudhb.sys -- (qikqudhb)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qhqacqdw.sys -- (qhqacqdw)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qaguxzum.sys -- (qaguxzum)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pyofpkri.sys -- (pyofpkri)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pqjnmqma.sys -- (pqjnmqma)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pcbiiwiv.sys -- (pcbiiwiv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\oqvnraux.sys -- (oqvnraux)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ookslhnv.sys -- (ookslhnv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ojutlavf.sys -- (ojutlavf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nzmbgvme.sys -- (nzmbgvme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nmakobim.sys -- (nmakobim)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\mpelvrzl.sys -- (mpelvrzl)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\mfjmcbdz.sys -- (mfjmcbdz)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lqybegeo.sys -- (lqybegeo)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lpptswil.sys -- (lpptswil)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\loctzsie.sys -- (loctzsie)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lksnseyp.sys -- (lksnseyp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lguaqttw.sys -- (lguaqttw)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\lfssgnvy.sys -- (lfssgnvy)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\kquxfouq.sys -- (kquxfouq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\klrntvnk.sys -- (klrntvnk)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jyftkbgr.sys -- (jyftkbgr)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jnbosovs.sys -- (jnbosovs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\jmzsylmz.sys -- (jmzsylmz)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\iugnudez.sys -- (iugnudez)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\huotufyo.sys -- (huotufyo)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hmzcnucm.sys -- (hmzcnucm)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hmhwazky.sys -- (hmhwazky)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\gvcruzyt.sys -- (gvcruzyt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\gqtapwpm.sys -- (gqtapwpm)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\gnuwogzg.sys -- (gnuwogzg)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\gnkropup.sys -- (gnkropup)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\gksmkjpj.sys -- (gksmkjpj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ggxxvjrb.sys -- (ggxxvjrb)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fpugudpo.sys -- (fpugudpo)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ekmlgvdv.sys -- (ekmlgvdv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\egxmgzqs.sys -- (egxmgzqs)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ebfgapfz.sys -- (ebfgapfz)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\dvinguwj.sys -- (dvinguwj)
DRV - File not found [Kernel | System | Stopped] -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys -- (DritekPortIO)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\dpjqrnkw.sys -- (dpjqrnkw)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\dhomzlpo.sys -- (dhomzlpo)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\dgkupvxr.sys -- (dgkupvxr)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cxtarluf.sys -- (cxtarluf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cuybmpcq.sys -- (cuybmpcq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cdvczbkm.sys -- (cdvczbkm)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cbjmreek.sys -- (cbjmreek)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\brqnibiq.sys -- (brqnibiq)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\bkgrynvj.sys -- (bkgrynvj)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\bhckyxba.sys -- (bhckyxba)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\azimzwac.sys -- (azimzwac)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\assfgepf.sys -- (assfgepf)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\asrwumcr.sys -- (asrwumcr)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ashqevxg.sys -- (ashqevxg)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\aqkhnymt.sys -- (aqkhnymt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\amdcsfmn.sys -- (amdcsfmn)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\afwmrqtc.sys -- (afwmrqtc)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.11 12:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.18 16:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=e720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=e720
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=e720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {BB17F21B-B06E-41FE-A424-F1E51D59C2C0}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U9&apn_dtid=YYY-YYYB3&apn_uid=64054D15-A545-4E54-9860-13A8BAB636E6&apn_sauid=FC6D164B-2096-413C-AECF-CA85761E4C58
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{BB17F21B-B06E-41FE-A424-F1E51D59C2C0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.15 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig"
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.100008
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.6.0.10
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {f4e6547e-325b-403c-a3bb-ad29ed37a92f}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}:3.6.0.10
FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.2.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\program files\Mozilla Firefox\components [2013.02.22 12:08:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2013.05.15 15:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.27 09:56:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Hanna\AppData\Roaming\14001.019 [2012.08.30 22:22:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.27 09:56:04 | 000,000,000 | ---D | M]
 
[2009.11.22 00:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions
[2012.11.24 23:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions
[2011.12.12 20:41:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(7)
[2012.10.25 20:17:53 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions\firefox@ghostery.com
[2012.11.24 23:28:07 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions\ich@maltegoetz.de
[2012.08.07 19:22:18 | 000,002,396 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\mozilla\firefox\profiles\i9p06hy1.default\searchplugins\askcom.xml
[2012.04.30 19:32:54 | 000,000,919 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\mozilla\firefox\profiles\i9p06hy1.default\searchplugins\conduit.xml
[2009.12.27 22:04:35 | 000,002,321 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\mozilla\firefox\profiles\i9p06hy1.default\searchplugins\forestle-de.xml
[2013.02.22 12:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.16 02:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.01.08 22:32:42 | 000,001,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober19111479.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2010.04.30 14:56:08 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1				practivate.adobe.com
O1 - Hosts: 127.0.0.1				ereg.adobe.com
O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1				ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1				activate-sea.adobe.com
O1 - Hosts: 127.0.0.1				wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1				activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                        
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
O1 - Hosts: 127.0.0.1                               125.252.224.90                       
O1 - Hosts: 127.0.0.1                               125.252.224.91
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE}] C:\Users\Hanna\AppData\Roaming\Qaifu\soidl.exe (Xeneso Oput)
O4 - HKCU..\Run: [FilterHost] C:\Users\Hanna\AppData\Roaming\mmserver\FilterHost.exe (Synatix GmbH)
O4 - HKCU..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Hanna\floadu1C.dll,_IWMPEvents File not found
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DE2AF7-7FDA-4FA8-87BF-290CD98962D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DE2AF7-7FDA-4FA8-87BF-290CD98962D2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAE15BB4-E5D7-4D17-BBE1-F64F678EB3B0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hanna\Pictures\Bild 023.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hanna\Pictures\Bild 023.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02444e18-13e9-11de-ade5-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{0f762ed8-05f2-11df-a6f6-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{14de9494-d939-11de-871a-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{196c663e-65c1-11df-a402-00235a531a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{196c663e-65c1-11df-a402-00235a531a7b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{196c6651-65c1-11df-a402-00235a531a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{196c6651-65c1-11df-a402-00235a531a7b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1fdae04a-dc25-11de-8c6e-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{898d2c65-c95f-11de-8bb1-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{97fe7507-78a6-11df-b555-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{db31fb8c-f3c8-11de-abe5-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{db74c945-1183-11df-9e01-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{db74c97f-1183-11df-9e01-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.04 13:36:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hanna\Desktop\OTL.exe
[2013.06.27 09:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.06.25 16:31:19 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\Irland England
[2013.06.18 16:00:11 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\Kindergeld
[2 C:\Users\Hanna\AppData\Roaming\*.tmp files -> C:\Users\Hanna\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.04 13:36:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hanna\Desktop\OTL.exe
[2013.07.04 13:35:13 | 000,000,000 | ---- | M] () -- C:\Users\Hanna\defogger_reenable
[2013.07.04 13:33:34 | 000,050,477 | ---- | M] () -- C:\Users\Hanna\Desktop\Defogger.exe
[2013.07.04 13:25:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.04 13:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.04 12:52:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.07.04 12:52:13 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.07.04 12:52:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.04 12:52:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 12:52:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 12:51:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.03 02:57:54 | 000,002,693 | ---- | M] () -- C:\Users\Hanna\.recently-used.xbel
[2013.07.02 09:23:56 | 000,163,528 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.02 09:23:56 | 000,065,938 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.02 09:23:56 | 000,017,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.02 09:23:56 | 000,009,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.26 13:20:19 | 000,000,983 | ---- | M] () -- C:\Users\Hanna\Desktop\Dropbox.lnk
[2013.06.25 11:50:01 | 000,175,949 | ---- | M] () -- C:\Users\Hanna\Desktop\Flyer C.A. Krankenpflege_2012.pdf
[2013.06.15 16:08:22 | 000,225,254 | ---- | M] () -- C:\Users\Hanna\Desktop\IRISH DANCE FERIENPLAN.pdf
[2013.06.12 10:22:27 | 000,001,224 | ---- | M] () -- C:\Windows\WININIT.INI
[2013.06.12 10:22:27 | 000,000,993 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2 C:\Users\Hanna\AppData\Roaming\*.tmp files -> C:\Users\Hanna\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.04 13:35:13 | 000,000,000 | ---- | C] () -- C:\Users\Hanna\defogger_reenable
[2013.07.04 13:33:33 | 000,050,477 | ---- | C] () -- C:\Users\Hanna\Desktop\Defogger.exe
[2013.07.03 02:57:54 | 000,002,693 | ---- | C] () -- C:\Users\Hanna\.recently-used.xbel
[2013.06.26 13:20:19 | 000,000,983 | ---- | C] () -- C:\Users\Hanna\Desktop\Dropbox.lnk
[2013.06.25 11:50:00 | 000,175,949 | ---- | C] () -- C:\Users\Hanna\Desktop\Flyer C.A. Krankenpflege_2012.pdf
[2013.06.15 16:08:20 | 000,225,254 | ---- | C] () -- C:\Users\Hanna\Desktop\IRISH DANCE FERIENPLAN.pdf
[2012.09.11 22:57:35 | 000,065,536 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\i9p06hy1.default.dat
[2012.08.31 12:11:13 | 000,007,424 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe205.dll
[2012.08.28 13:20:02 | 000,006,400 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe202.dll
[2012.08.20 15:12:58 | 000,006,400 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe195.dll
[2012.08.08 14:19:21 | 000,006,400 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe184.dll
[2012.08.07 13:03:07 | 000,006,400 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe182.dll
[2012.08.04 11:58:40 | 000,000,069 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\urhtps.dat
[2012.08.03 21:21:07 | 000,006,400 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\BAcroIEHelpe180.dll
[2012.07.27 16:33:24 | 000,000,034 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\blckdom.res
[2012.07.26 13:20:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2011.07.21 14:06:50 | 000,015,364 | -H-- | C] () -- C:\Users\Hanna\.DS_Store
[2010.09.21 11:19:45 | 000,000,680 | ---- | C] () -- C:\Users\Hanna\AppData\Local\d3d9caps.dat
[2009.11.21 23:52:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.12 13:14:01 | 000,024,206 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\UserTile.png
[2009.03.27 16:39:30 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.03.20 16:58:24 | 000,071,680 | ---- | C] () -- C:\Users\Hanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.18 20:46:11 | 000,000,326 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\wklnhst.dat
[2001.01.04 01:01:22 | 000,101,820 | ---- | C] () -- C:\Users\Hanna\CHILLER.TTF
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.27 16:34:05 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.004
[2012.07.27 21:38:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.005
[2012.07.28 21:28:36 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.006
[2012.08.03 21:21:18 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.008
[2012.08.06 17:43:35 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.009
[2012.08.07 13:03:17 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.010
[2012.08.08 14:19:51 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.011
[2012.08.09 21:56:51 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.012
[2012.08.18 23:30:43 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.016
[2012.08.23 23:27:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.017
[2012.08.27 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.018
[2012.08.30 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.019
[2009.05.16 13:32:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Big Fish Games
[2010.08.21 15:47:06 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\CocoonSoftware
[2010.03.31 12:57:53 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Degener
[2013.07.04 12:54:40 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Dropbox
[2011.01.08 00:20:09 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.31 12:58:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Ebner
[2013.07.03 02:57:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\gtk-2.0
[2011.11.20 14:10:02 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Gutscheinmieze
[2009.03.23 16:30:47 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\InterVideo
[2012.10.31 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Ipam
[2012.07.27 16:33:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\kock
[2010.07.17 11:09:28 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\MioNetApplet
[2010.01.27 08:37:14 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mmserver
[2013.07.03 02:39:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Nausal
[2011.01.08 22:32:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Oberon Media
[2010.06.04 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Philipp Winterberg
[2011.08.06 15:39:49 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Qaifu
[2010.08.20 16:30:47 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\SumatraPDF
[2009.05.16 12:39:42 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Template
[2012.07.05 13:37:39 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Thunderbird
[2010.09.07 21:06:31 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\TuneUp Software
[2012.08.24 19:45:02 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\UAs
[2013.02.19 13:36:42 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\Users\Hanna\Desktop\.TEMP_com.apple.iWork.Pages_147_336291406_2:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Hanna\Desktop\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Hanna\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC

< End of report >
         
--- --- ---


Extras.txt:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 04.07.2013 13:37:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hanna\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,81% Memory free
6,08 Gb Paging File | 4,44 Gb Available in Paging File | 72,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 194,84 Gb Free Space | 67,63% Space Free | Partition Type: NTFS
 
Computer Name: HANNA-PC | User Name: Hanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F6A7254-8E92-407F-9625-68D18F7C5DF0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2D5A2983-1488-4D64-84DB-7A293F856921}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{390E8FF9-2554-4835-8315-949B11B1932B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3958DF73-91F8-4D0A-97EE-CABB7B97E293}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{451EBCBA-0B44-4000-BF31-9CD4A4D2B2E5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{49E1C980-9DA3-46F5-BC6E-7B80A92883EB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{58199F90-1A87-4E45-BA7A-6E58ED264A25}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5A0BADDA-EF5F-4778-93F0-C0F75D0C09E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{64BEE306-10D4-4BF9-85C3-C39E2962CFE8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{81EBA63A-C5BB-4338-B4A6-854A64EFC73A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8F7EC319-704A-41FE-846E-70A86CB8A907}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9F587962-2A24-4601-863E-AEE62E139F2F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C5F68B46-C8D8-4A1D-87CD-9FC4CEC7787D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CE61204B-7AF2-4005-9B84-F93CEC25A622}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CEADCF14-BC1A-45B9-B2B8-6C3D71AFA7A5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D467D608-04C5-4FDC-9C06-A4DF370173FF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FB2CD107-6688-452E-936E-89266EDFECF4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FE3AE746-8127-4EED-851E-3F69421FA984}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1352BB8C-637B-47C9-AB4D-785A45EBF7BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{34CD3037-04B5-4A17-8DF1-E1A5F465C1D1}" = protocol=6 | dir=in | app=d:\alicesetup.exe | 
"{58D087BB-E7CA-4472-BAE8-956B1814548D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6D7D456E-D172-4829-AAAB-9A2C75402B22}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8D703BA8-B97A-401B-BDE6-0130894F1163}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A3C0EAC7-3CFC-40E1-A3CD-55AC66A8E994}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C50CC880-6F08-4089-8563-F215DB01A310}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E1212908-37CA-401E-971A-2234CA67E581}" = protocol=17 | dir=in | app=d:\alicesetup.exe | 
"TCP Query User{0A736F0A-5637-4557-BDD4-79163732B968}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{14DF81BD-272E-4043-B4A9-8AC387C5C46A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{6CFF1F84-8C6A-470C-8F95-BB4F0B1A6589}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{9DF31523-725B-4944-9B2D-60ECE1E9A15A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{A149D91E-255B-4CFF-847C-70A719CFA1F4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C1BAA7DB-8599-420E-818E-CF14B734D92C}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{0E452904-6CEF-4E6E-AAC4-F0A043CDCF37}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{0F198771-A924-4642-B077-5D69BA1BE8BF}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{48FDE32C-3C04-4EDC-AD67-D30C6E4684A9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{4B8A9EB5-1F9B-417F-8CE9-27E0EC15BC84}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{B01860F5-3B0A-4B72-9470-078E56FFCC78}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{BD6B1344-0F27-4FAD-B2E8-88040A0CBFF7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.15 beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVS Image Converter_is1" = AVS Image Converter 1.2.1.100
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Canon iP2600 series Benutzerregistrierung" = Canon iP2600 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netzmanager" = Netzmanager
"PhotoFiltre" = PhotoFiltre
"SumatraPDF" = SumatraPDF
"VLC media player" = VLC media player 1.0.3
"WinGimp-2.0_is1" = GIMP 2.6.10
"YDKJG" = YOU DON'T KNOW JACK®
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"QUICKMEDIACONVERTER" = QMC
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.07.2013 03:18:31 | Computer Name = Hanna-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2013 10:08:38 | Computer Name = Hanna-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2013 17:40:37 | Computer Name = Hanna-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2013 06:26:53 | Computer Name = Hanna-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2013 06:27:11 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.07.2013 06:27:22 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.07.2013 06:28:33 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.07.2013 06:53:33 | Computer Name = Hanna-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.07.2013 07:08:11 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.07.2013 07:08:12 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.07.2013 07:43:14 | Computer Name = Hanna-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ OSession Events ]
Error - 14.04.2011 04:45:56 | Computer Name = Hanna-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 253
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 02.07.2013 03:17:00 | Computer Name = Hanna-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse
 00242B75B5E6 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 02.07.2013 10:07:09 | Computer Name = Hanna-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 02.07.2013 10:09:13 | Computer Name = Hanna-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse
 00242B75B5E6 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 02.07.2013 17:39:08 | Computer Name = Hanna-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 02.07.2013 17:39:10 | Computer Name = Hanna-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse
 00242B75B5E6 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 03.07.2013 06:25:22 | Computer Name = Hanna-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 03.07.2013 06:25:28 | Computer Name = Hanna-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse
 00242B75B5E6 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 03.07.2013 06:25:32 | Computer Name = Hanna-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 04.07.2013 06:52:04 | Computer Name = Hanna-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 04.07.2013 06:54:07 | Computer Name = Hanna-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.51 für die Netzwerkkarte mit der Netzwerkadresse
 00242B75B5E6 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
[ TuneUp Events ]
Error - 20.11.2011 08:12:33 | Computer Name = Hanna-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-11-20 13:12:33', '\device\harddiskvolume2\program
 files\t-mobile\web'n'walk manager\driver\driveruninstall.exe','5956',0)
 
Error - 20.11.2011 08:12:33 | Computer Name = Hanna-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-11-20 13:12:33', '\device\harddiskvolume2\program
 files\t-mobile\web'n'walk manager\driver\devsetup32.exe','5356',0)
 
 
< End of report >
         

04.07.2013, 12:54   #4
markusg
/// Malware-holic

Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE}] C:\Users\Hanna\AppData\Roaming\Qaifu\soidl.exe (Xeneso Oput)
:files
C:\Users\Hanna\AppData\Roaming\Qaifu
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!


Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us
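
The fix script in the post above removes a single HKCU Run value whose name is a bare GUID and whose target is an .exe exactly one folder below AppData\Roaming. The Python sketch below is an added example (not part of the original post and not OTL's own code) that picks that combination out of O4 autorun lines; the line shape is taken from the fix script, every sample line except the first is constructed, and the two-signal rule is an assumed triage heuristic, not a Zeus signature.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Shape of an O4 autorun line as it appears in the fix script on this page:
#   O4 - <HIVE>..\<Run key>: [<value name>] <command> (<company>)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[^ ]*?)\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \((?P<company>[^()]*)\))?$'
)
# Value name that is nothing but a GUID in braces.
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
# Executable path inside the command, with optional quotes and arguments.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)
# An .exe exactly one folder below a user's AppData\Roaming.
ROAMING_RE = re.compile(
    r'^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming\\[^\\]+\\[^\\]+\.exe$',
    re.IGNORECASE,
)


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    path: str
    company: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Assumed rule: both signals must be present to warrant a closer look.
        return len(self.reasons) == 2


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one O4 line; return None for any other log line."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    exe = EXE_RE.match(m['command'])
    path = exe['path'] if exe else m['command']
    entry = Autorun(m['hive'], m['key'], m['name'], path, m['company'] or '')
    if GUID_RE.match(entry.name):
        entry.reasons.append('value name is a bare GUID')
    if ROAMING_RE.match(entry.path):
        entry.reasons.append(r'executable sits one folder below AppData\Roaming')
    return entry


def triage(lines: List[str]) -> List[Autorun]:
    """Return the autorun entries that carry both signals."""
    entries = (parse_o4(line) for line in lines)
    return [e for e in entries if e is not None and e.suspicious]


SAMPLE_LINES = [
    # Taken from the fix script on this page.
    r'O4 - HKCU..\Run: [{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE}] '
    r'C:\Users\Hanna\AppData\Roaming\Qaifu\soidl.exe (Xeneso Oput)',
    # Constructed: named value, binary two folders below Roaming.
    r'O4 - HKCU..\Run: [Dropbox] '
    r'"C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup (Dropbox, Inc.)',
    # Constructed: ordinary machine-wide autorun under Program Files.
    r'O4 - HKLM..\Run: [MSC] '
    r'C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)',
    # Constructed: GUID value name alone is not enough to be flagged.
    r'O4 - HKCU..\Run: [{11111111-2222-3333-4444-555555555555}] '
    r'C:\Program Files\Example\example.exe (Example Corp)',
]

if __name__ == '__main__':
    for hit in triage(SAMPLE_LINES):
        print(f'{hit.hive}\\{hit.key} [{hit.name}] -> {hit.path}')
        for reason in hit.reasons:
            print(f'    - {reason}')
```

An entry flagged this way is a candidate for review by the helper, not a verdict; removal still goes through a reviewed fix script as in the post above.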

04.07.2013, 13:15   #5
Connemara

Somehow the scan cannot be completed:

gmer_2.1.19163.exe funktioniert nicht mehr
Das Programm wurde aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.

I actually took a screenshot, but I don't know how to insert the image here.

(By the way, thanks a lot already for the quick replies!!)

Oh, and I don't know how to turn off Microsoft Security Essentials.

Aaah, sorry, I overlooked your post.. I'm on it

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.07.2013 14:24:51 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hanna\Desktop\Viren
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 44,33% Memory free
6,08 Gb Paging File | 4,29 Gb Available in Paging File | 70,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,08 Gb Total Space | 194,71 Gb Free Space | 67,59% Space Free | Partition Type: NTFS
 
Computer Name: HANNA-PC | User Name: Hanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hanna\Desktop\Viren\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)
PRC - C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
PRC - C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
PRC - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Users\Hanna\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Hanna\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (zpnnlqgu) -- C:\Windows\system32\drivers\zpnnlqgu.sys File not found
DRV - (zhhohjdn) -- C:\Windows\system32\drivers\zhhohjdn.sys File not found
DRV - (ycqhnloq) -- C:\Windows\system32\drivers\ycqhnloq.sys File not found
DRV - (xvysrriv) -- C:\Windows\system32\drivers\xvysrriv.sys File not found
DRV - (wpmqlqgd) -- C:\Windows\system32\drivers\wpmqlqgd.sys File not found
DRV - (wpddpvvm) -- C:\Windows\system32\drivers\wpddpvvm.sys File not found
DRV - (wikoztsj) -- C:\Windows\system32\drivers\wikoztsj.sys File not found
DRV - (whqdilhl) -- C:\Windows\system32\drivers\whqdilhl.sys File not found
DRV - (wgriqhda) -- C:\Windows\system32\drivers\wgriqhda.sys File not found
DRV - (wduvamgn) -- C:\Windows\system32\drivers\wduvamgn.sys File not found
DRV - (vlqoefga) -- C:\Windows\system32\drivers\vlqoefga.sys File not found
DRV - (vildfska) -- C:\Windows\system32\drivers\vildfska.sys File not found
DRV - (vhmlfgnv) -- C:\Windows\system32\drivers\vhmlfgnv.sys File not found
DRV - (vewtcbpb) -- C:\Windows\system32\drivers\vewtcbpb.sys File not found
DRV - (ujaqhsqy) -- C:\Windows\system32\drivers\ujaqhsqy.sys File not found
DRV - (ugloipog) -- C:\Users\Hanna\AppData\Local\Temp\ugloipog.sys File not found
DRV - (uepbqtfa) -- C:\Windows\system32\drivers\uepbqtfa.sys File not found
DRV - (szfeofbd) -- C:\Windows\system32\drivers\szfeofbd.sys File not found
DRV - (sukifpdx) -- C:\Windows\system32\drivers\sukifpdx.sys File not found
DRV - (smdnbrfu) -- C:\Windows\system32\drivers\smdnbrfu.sys File not found
DRV - (sejafszk) -- C:\Windows\system32\drivers\sejafszk.sys File not found
DRV - (sdyslqfg) -- C:\Windows\system32\drivers\sdyslqfg.sys File not found
DRV - (saeacjqj) -- C:\Windows\system32\drivers\saeacjqj.sys File not found
DRV - (rulvxbun) -- C:\Windows\system32\drivers\rulvxbun.sys File not found
DRV - (rpxapolq) -- C:\Windows\system32\drivers\rpxapolq.sys File not found
DRV - (rhkplgwu) -- C:\Windows\system32\drivers\rhkplgwu.sys File not found
DRV - (rgxkmttj) -- C:\Windows\system32\drivers\rgxkmttj.sys File not found
DRV - (qstzxuhm) -- C:\Windows\system32\drivers\qstzxuhm.sys File not found
DRV - (qpqgvjav) -- C:\Windows\system32\drivers\qpqgvjav.sys File not found
DRV - (qkvropkb) -- C:\Windows\system32\drivers\qkvropkb.sys File not found
DRV - (qikqudhb) -- C:\Windows\system32\drivers\qikqudhb.sys File not found
DRV - (qhqacqdw) -- C:\Windows\system32\drivers\qhqacqdw.sys File not found
DRV - (qaguxzum) -- C:\Windows\system32\drivers\qaguxzum.sys File not found
DRV - (pyofpkri) -- C:\Windows\system32\drivers\pyofpkri.sys File not found
DRV - (pqjnmqma) -- C:\Windows\system32\drivers\pqjnmqma.sys File not found
DRV - (pcbiiwiv) -- C:\Windows\system32\drivers\pcbiiwiv.sys File not found
DRV - (oqvnraux) -- C:\Windows\system32\drivers\oqvnraux.sys File not found
DRV - (ookslhnv) -- C:\Windows\system32\drivers\ookslhnv.sys File not found
DRV - (ojutlavf) -- C:\Windows\system32\drivers\ojutlavf.sys File not found
DRV - (nzmbgvme) -- C:\Windows\system32\drivers\nzmbgvme.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (nmakobim) -- C:\Windows\system32\drivers\nmakobim.sys File not found
DRV - (mpelvrzl) -- C:\Windows\system32\drivers\mpelvrzl.sys File not found
DRV - (mfjmcbdz) -- C:\Windows\system32\drivers\mfjmcbdz.sys File not found
DRV - (lqybegeo) -- C:\Windows\system32\drivers\lqybegeo.sys File not found
DRV - (lpptswil) -- C:\Windows\system32\drivers\lpptswil.sys File not found
DRV - (loctzsie) -- C:\Windows\system32\drivers\loctzsie.sys File not found
DRV - (lksnseyp) -- C:\Windows\system32\drivers\lksnseyp.sys File not found
DRV - (lguaqttw) -- C:\Windows\system32\drivers\lguaqttw.sys File not found
DRV - (lfssgnvy) -- C:\Windows\system32\drivers\lfssgnvy.sys File not found
DRV - (kquxfouq) -- C:\Windows\system32\drivers\kquxfouq.sys File not found
DRV - (klrntvnk) -- C:\Windows\system32\drivers\klrntvnk.sys File not found
DRV - (jyftkbgr) -- C:\Windows\system32\drivers\jyftkbgr.sys File not found
DRV - (jnbosovs) -- C:\Windows\system32\drivers\jnbosovs.sys File not found
DRV - (jmzsylmz) -- C:\Windows\system32\drivers\jmzsylmz.sys File not found
DRV - (iugnudez) -- C:\Windows\system32\drivers\iugnudez.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (huotufyo) -- C:\Windows\system32\drivers\huotufyo.sys File not found
DRV - (hmzcnucm) -- C:\Windows\system32\drivers\hmzcnucm.sys File not found
DRV - (hmhwazky) -- C:\Windows\system32\drivers\hmhwazky.sys File not found
DRV - (gvcruzyt) -- C:\Windows\system32\drivers\gvcruzyt.sys File not found
DRV - (gqtapwpm) -- C:\Windows\system32\drivers\gqtapwpm.sys File not found
DRV - (gnuwogzg) -- C:\Windows\system32\drivers\gnuwogzg.sys File not found
DRV - (gnkropup) -- C:\Windows\system32\drivers\gnkropup.sys File not found
DRV - (gksmkjpj) -- C:\Windows\system32\drivers\gksmkjpj.sys File not found
DRV - (ggxxvjrb) -- C:\Windows\system32\drivers\ggxxvjrb.sys File not found
DRV - (fpugudpo) -- C:\Windows\system32\drivers\fpugudpo.sys File not found
DRV - (ekmlgvdv) -- C:\Windows\system32\drivers\ekmlgvdv.sys File not found
DRV - (egxmgzqs) -- C:\Windows\system32\drivers\egxmgzqs.sys File not found
DRV - (ebfgapfz) -- C:\Windows\system32\drivers\ebfgapfz.sys File not found
DRV - (dvinguwj) -- C:\Windows\system32\drivers\dvinguwj.sys File not found
DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found
DRV - (dpjqrnkw) -- C:\Windows\system32\drivers\dpjqrnkw.sys File not found
DRV - (dhomzlpo) -- C:\Windows\system32\drivers\dhomzlpo.sys File not found
DRV - (dgkupvxr) -- C:\Windows\system32\drivers\dgkupvxr.sys File not found
DRV - (cxtarluf) -- C:\Windows\system32\drivers\cxtarluf.sys File not found
DRV - (cuybmpcq) -- C:\Windows\system32\drivers\cuybmpcq.sys File not found
DRV - (cdvczbkm) -- C:\Windows\system32\drivers\cdvczbkm.sys File not found
DRV - (cbjmreek) -- C:\Windows\system32\drivers\cbjmreek.sys File not found
DRV - (brqnibiq) -- C:\Windows\system32\drivers\brqnibiq.sys File not found
DRV - (bkgrynvj) -- C:\Windows\system32\drivers\bkgrynvj.sys File not found
DRV - (bhckyxba) -- C:\Windows\system32\drivers\bhckyxba.sys File not found
DRV - (azimzwac) -- C:\Windows\system32\drivers\azimzwac.sys File not found
DRV - (assfgepf) -- C:\Windows\system32\drivers\assfgepf.sys File not found
DRV - (asrwumcr) -- C:\Windows\system32\drivers\asrwumcr.sys File not found
DRV - (ashqevxg) -- C:\Windows\system32\drivers\ashqevxg.sys File not found
DRV - (aqkhnymt) -- C:\Windows\system32\drivers\aqkhnymt.sys File not found
DRV - (amdcsfmn) -- C:\Windows\system32\drivers\amdcsfmn.sys File not found
DRV - (afwmrqtc) -- C:\Windows\system32\drivers\afwmrqtc.sys File not found
DRV - (MpKsl9937d51c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9DD092A5-6812-4506-9248-127974941C9B}\MpKsl9937d51c.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=e720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=e720
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=e720
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\SearchScopes,DefaultScope = {BB17F21B-B06E-41FE-A424-F1E51D59C2C0}
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U9&apn_dtid=YYY-YYYB3&apn_uid=64054D15-A545-4E54-9860-13A8BAB636E6&apn_sauid=FC6D164B-2096-413C-AECF-CA85761E4C58
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\SearchScopes\{BB17F21B-B06E-41FE-A424-F1E51D59C2C0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_de
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.15 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig"
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.100008
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.6.0.10
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {f4e6547e-325b-403c-a3bb-ad29ed37a92f}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}:3.6.0.10
FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.2.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\program files\Mozilla Firefox\components [2013.02.22 12:08:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2013.05.15 15:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.27 09:56:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Hanna\AppData\Roaming\14001.019 [2012.08.30 22:22:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.06.27 09:56:04 | 000,000,000 | ---D | M]
 
[2009.11.22 00:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanna\AppData\Roaming\mozilla\Extensions
[2012.11.24 23:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions
[2011.12.12 20:41:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(7)
[2012.10.25 20:17:53 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions\firefox@ghostery.com
[2012.11.24 23:28:07 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Hanna\AppData\Roaming\mozilla\Firefox\Profiles\i9p06hy1.default\extensions\ich@maltegoetz.de
[2012.08.07 19:22:18 | 000,002,396 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\mozilla\firefox\profiles\i9p06hy1.default\searchplugins\askcom.xml
[2012.04.30 19:32:54 | 000,000,919 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\mozilla\firefox\profiles\i9p06hy1.default\searchplugins\conduit.xml
[2009.12.27 22:04:35 | 000,002,321 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\mozilla\firefox\profiles\i9p06hy1.default\searchplugins\forestle-de.xml
[2013.02.22 12:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.02.16 02:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.01.08 22:32:42 | 000,001,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober19111479.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2010.04.30 14:56:08 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1				practivate.adobe.com
O1 - Hosts: 127.0.0.1				ereg.adobe.com
O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1				ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1				activate-sea.adobe.com
O1 - Hosts: 127.0.0.1				wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1				activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1                               adobe.activate.com
O1 - Hosts: 127.0.0.1                               adobeereg.com                        
O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    
O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
O1 - Hosts: 127.0.0.1                               125.252.224.90                       
O1 - Hosts: 127.0.0.1                               125.252.224.91
O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000..\Run: [{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE}] C:\Users\Hanna\AppData\Roaming\Qaifu\soidl.exe (Xeneso Oput)
O4 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000..\Run: [FilterHost] C:\Users\Hanna\AppData\Roaming\mmserver\FilterHost.exe (Synatix GmbH)
O4 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Hanna\floadu1C.dll,_IWMPEvents File not found
O4 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O7 - HKU\S-1-5-21-914363350-1928270848-4035351899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DE2AF7-7FDA-4FA8-87BF-290CD98962D2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DE2AF7-7FDA-4FA8-87BF-290CD98962D2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAE15BB4-E5D7-4D17-BBE1-F64F678EB3B0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hanna\Pictures\Bild 023.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hanna\Pictures\Bild 023.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02444e18-13e9-11de-ade5-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{0f762ed8-05f2-11df-a6f6-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{14de9494-d939-11de-871a-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{196c663e-65c1-11df-a402-00235a531a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{196c663e-65c1-11df-a402-00235a531a7b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{196c6651-65c1-11df-a402-00235a531a7b}\Shell - "" = AutoRun
O33 - MountPoints2\{196c6651-65c1-11df-a402-00235a531a7b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1fdae04a-dc25-11de-8c6e-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{898d2c65-c95f-11de-8bb1-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{97fe7507-78a6-11df-b555-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{db31fb8c-f3c8-11de-abe5-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{db74c945-1183-11df-9e01-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{db74c97f-1183-11df-9e01-00235a531a7b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.04 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\Viren
[2013.06.27 09:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.06.25 16:31:19 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\Irland England
[2013.06.18 16:00:11 | 000,000,000 | ---D | C] -- C:\Users\Hanna\Desktop\Kindergeld
[2 C:\Users\Hanna\AppData\Roaming\*.tmp files -> C:\Users\Hanna\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.04 14:25:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.04 14:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.04 14:06:17 | 000,164,365 | ---- | M] () -- C:\Users\Hanna\Desktop\Unbenannt.jpg
[2013.07.04 13:35:13 | 000,000,000 | ---- | M] () -- C:\Users\Hanna\defogger_reenable
[2013.07.04 12:52:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.07.04 12:52:13 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.07.04 12:52:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.04 12:52:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 12:52:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 12:51:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.03 02:57:54 | 000,002,693 | ---- | M] () -- C:\Users\Hanna\.recently-used.xbel
[2013.07.02 09:23:56 | 000,163,528 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.02 09:23:56 | 000,065,938 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.02 09:23:56 | 000,017,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.02 09:23:56 | 000,009,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.26 13:20:19 | 000,000,983 | ---- | M] () -- C:\Users\Hanna\Desktop\Dropbox.lnk
[2013.06.25 11:50:01 | 000,175,949 | ---- | M] () -- C:\Users\Hanna\Desktop\Flyer C.A. Krankenpflege_2012.pdf
[2013.06.15 16:08:22 | 000,225,254 | ---- | M] () -- C:\Users\Hanna\Desktop\IRISH DANCE FERIENPLAN.pdf
[2013.06.12 13:25:00 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.12 13:25:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.12 10:22:27 | 000,001,224 | ---- | M] () -- C:\Windows\WININIT.INI
[2013.06.12 10:22:27 | 000,000,993 | ---- | M] () -- C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2 C:\Users\Hanna\AppData\Roaming\*.tmp files -> C:\Users\Hanna\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.04 14:06:17 | 000,164,365 | ---- | C] () -- C:\Users\Hanna\Desktop\Unbenannt.jpg
[2013.07.04 13:35:13 | 000,000,000 | ---- | C] () -- C:\Users\Hanna\defogger_reenable
[2013.07.03 02:57:54 | 000,002,693 | ---- | C] () -- C:\Users\Hanna\.recently-used.xbel
[2013.06.26 13:20:19 | 000,000,983 | ---- | C] () -- C:\Users\Hanna\Desktop\Dropbox.lnk
[2013.06.25 11:50:00 | 000,175,949 | ---- | C] () -- C:\Users\Hanna\Desktop\Flyer C.A. Krankenpflege_2012.pdf
[2013.06.15 16:08:20 | 000,225,254 | ---- | C] () -- C:\Users\Hanna\Desktop\IRISH DANCE FERIENPLAN.pdf
[2012.09.11 22:57:35 | 000,065,536 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\i9p06hy1.default.dat
[2012.08.04 11:58:40 | 000,000,069 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\urhtps.dat
[2012.07.27 16:33:24 | 000,000,034 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\blckdom.res
[2012.07.26 13:20:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2011.07.21 14:06:50 | 000,015,364 | -H-- | C] () -- C:\Users\Hanna\.DS_Store
[2010.09.21 11:19:45 | 000,000,680 | ---- | C] () -- C:\Users\Hanna\AppData\Local\d3d9caps.dat
[2009.11.21 23:52:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.12 13:14:01 | 000,024,206 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\UserTile.png
[2009.03.27 16:39:30 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.03.20 16:58:24 | 000,071,680 | ---- | C] () -- C:\Users\Hanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.18 20:46:11 | 000,000,326 | ---- | C] () -- C:\Users\Hanna\AppData\Roaming\wklnhst.dat
[2001.01.04 01:01:22 | 000,101,820 | ---- | C] () -- C:\Users\Hanna\CHILLER.TTF
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.27 16:34:05 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.004
[2012.07.27 21:38:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.005
[2012.07.28 21:28:36 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.006
[2012.08.03 21:21:18 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.008
[2012.08.06 17:43:35 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.009
[2012.08.07 13:03:17 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.010
[2012.08.08 14:19:51 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.011
[2012.08.09 21:56:51 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.012
[2012.08.18 23:30:43 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.016
[2012.08.23 23:27:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.017
[2012.08.27 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.018
[2012.08.30 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\14001.019
[2009.05.16 13:32:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Big Fish Games
[2010.08.21 15:47:06 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\CocoonSoftware
[2010.03.31 12:57:53 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Degener
[2013.07.04 12:54:40 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Dropbox
[2011.01.08 00:20:09 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.31 12:58:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Ebner
[2013.07.03 02:57:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\gtk-2.0
[2011.11.20 14:10:02 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Gutscheinmieze
[2009.03.23 16:30:47 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\InterVideo
[2012.10.31 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Ipam
[2012.07.27 16:33:03 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\kock
[2010.07.17 11:09:28 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\MioNetApplet
[2010.01.27 08:37:14 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\mmserver
[2013.07.03 02:39:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Nausal
[2011.01.08 22:32:54 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Oberon Media
[2010.06.04 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Philipp Winterberg
[2011.08.06 15:39:49 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Qaifu
[2010.08.20 16:30:47 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\SumatraPDF
[2009.05.16 12:39:42 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Template
[2012.07.05 13:37:39 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Thunderbird
[2010.09.07 21:06:31 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\TuneUp Software
[2012.08.24 19:45:02 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\UAs
[2013.02.19 13:36:42 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\Users\Hanna\Desktop\.TEMP_com.apple.iWork.Pages_147_336291406_2:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Hanna\Desktop\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Hanna\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC

< End of report >
         
--- --- ---

Okay, when I click Fix, I have to select something..

Oh man, I should concentrate more...

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE}\ not found.
C:\Users\Hanna\AppData\Roaming\Qaifu\soidl.exe moved successfully.
========== FILES ==========
C:\Users\Hanna\AppData\Roaming\Qaifu folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 3434173 bytes
->Temporary Internet Files folder emptied: 35274799 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1348 bytes

User: Hanna
->Temp folder emptied: 1947390 bytes
->Temporary Internet Files folder emptied: 712425173 bytes
->Java cache emptied: 1183984 bytes
->FireFox cache emptied: 54276236 bytes
->Google Chrome cache emptied: 6208909 bytes
->Flash cache emptied: 82948 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4908913 bytes
RecycleBin emptied: 108140436 bytes

Total Files Cleaned = 885,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07042013_144755

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Alt 04.07.2013, 13:56   #6
markusg
/// Malware-holic
 

where does it say anything about gmer? please do what it says there

Alt 04.07.2013, 13:57   #7
Connemara
 

The upload was completed successfully!

Alt 04.07.2013, 13:58   #8
markusg
/// Malware-holic
 

ok, why is Adobe blocked in the hosts file while paid software from that company is installed at the same time? among other things, the activation is blocked.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.

Alt 04.07.2013, 14:03   #9
Connemara
 

I already tried that once:

Quote:
Somehow the scan cannot be completed:

gmer_2.1.19163.exe funktioniert nicht mehr
Das Programm wurde aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.

I actually took a screenshot, but I don't know how to insert the image here.

Oh, and I don't know how to turn off Microsoft Security Essentials.

Alt 04.07.2013, 14:06   #10
markusg
/// Malware-holic
 

who is talking about gmer? do what it says here, or rather answer my question

Alt 04.07.2013, 14:07   #11
Connemara
 

Quote:
Quote from markusg
ok, why is Adobe blocked in the hosts file while paid software from that company is installed at the same time? among other things, the activation is blocked.
sorry. I have no idea what that means...

Alt 04.07.2013, 14:32   #12
markusg
/// Malware-holic
 

hi,
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 04.07.2013, 14:39   #13
Connemara
 

15:36:49.0827 1008 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:36:50.0295 1008 ============================================================
15:36:50.0295 1008 Current date / time: 2013/07/04 15:36:50.0295
15:36:50.0295 1008 SystemInfo:
15:36:50.0295 1008
15:36:50.0295 1008 OS Version: 6.0.6001 ServicePack: 1.0
15:36:50.0295 1008 Product type: Workstation
15:36:50.0295 1008 ComputerName: HANNA-PC
15:36:50.0295 1008 UserName: Hanna
15:36:50.0295 1008 Windows directory: C:\Windows
15:36:50.0295 1008 System windows directory: C:\Windows
15:36:50.0295 1008 Processor architecture: Intel x86
15:36:50.0295 1008 Number of processors: 2
15:36:50.0295 1008 Page size: 0x1000
15:36:50.0295 1008 Boot type: Normal boot
15:36:50.0295 1008 ============================================================
15:36:53.0305 1008 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:36:53.0321 1008 ============================================================
15:36:53.0321 1008 \Device\Harddisk0\DR0:
15:36:53.0321 1008 MBR partitions:
15:36:53.0321 1008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x2402B800
15:36:53.0321 1008 ============================================================
15:36:53.0321 1008 C: <-> \Device\Harddisk0\DR0\Partition1
15:36:53.0321 1008 ============================================================
15:36:53.0321 1008 Initialize success
15:36:53.0321 1008 ============================================================
15:36:58.0235 2984 ============================================================
15:36:58.0235 2984 Scan started
15:36:58.0235 2984 Mode: Manual;
15:36:58.0235 2984 ============================================================
15:36:58.0797 2984 ================ Scan system memory ========================
15:36:58.0797 2984 System memory - ok
15:36:58.0797 2984 ================ Scan services =============================
15:36:59.0015 2984 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
15:36:59.0015 2984 ACPI - ok
15:36:59.0140 2984 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:36:59.0140 2984 AdobeARMservice - ok
15:36:59.0187 2984 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:36:59.0187 2984 AdobeFlashPlayerUpdateSvc - ok
15:36:59.0374 2984 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:36:59.0421 2984 adp94xx - ok
15:36:59.0467 2984 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:36:59.0483 2984 adpahci - ok
15:36:59.0530 2984 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:36:59.0530 2984 adpu160m - ok
15:36:59.0561 2984 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:36:59.0577 2984 adpu320 - ok
15:36:59.0623 2984 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:36:59.0623 2984 AeLookupSvc - ok
15:36:59.0670 2984 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
15:36:59.0670 2984 AFD - ok
15:36:59.0701 2984 afwmrqtc - ok
15:36:59.0764 2984 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:36:59.0779 2984 agp440 - ok
15:36:59.0795 2984 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:36:59.0811 2984 aic78xx - ok
15:36:59.0826 2984 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
15:36:59.0826 2984 ALG - ok
15:36:59.0857 2984 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
15:36:59.0857 2984 aliide - ok
15:36:59.0904 2984 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:36:59.0904 2984 amdagp - ok
15:36:59.0920 2984 amdcsfmn - ok
15:36:59.0935 2984 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
15:36:59.0935 2984 amdide - ok
15:36:59.0967 2984 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:36:59.0967 2984 AmdK7 - ok
15:36:59.0998 2984 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:36:59.0998 2984 AmdK8 - ok
15:37:00.0060 2984 [ 0ED1A5B7A8AE5939A92EA1EC39E16D21 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
15:37:00.0060 2984 ApfiltrService - ok
15:37:00.0107 2984 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
15:37:00.0107 2984 Appinfo - ok
15:37:00.0123 2984 aqkhnymt - ok
15:37:00.0185 2984 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
15:37:00.0185 2984 arc - ok
15:37:00.0216 2984 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:37:00.0216 2984 arcsas - ok
15:37:00.0216 2984 ashqevxg - ok
15:37:00.0247 2984 asrwumcr - ok
15:37:00.0263 2984 assfgepf - ok
15:37:00.0294 2984 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:37:00.0294 2984 AsyncMac - ok
15:37:00.0325 2984 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
15:37:00.0325 2984 atapi - ok
15:37:00.0388 2984 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:37:00.0388 2984 AudioEndpointBuilder - ok
15:37:00.0403 2984 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:37:00.0403 2984 Audiosrv - ok
15:37:00.0419 2984 azimzwac - ok
15:37:00.0497 2984 [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
15:37:00.0513 2984 BCM43XX - ok
15:37:00.0544 2984 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
15:37:00.0544 2984 Beep - ok
15:37:00.0591 2984 [ D3E6D78285529962349A7F1617035938 ] BFE C:\Windows\System32\bfe.dll
15:37:00.0591 2984 BFE - ok
15:37:00.0606 2984 bhckyxba - ok
15:37:00.0669 2984 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll
15:37:00.0684 2984 BITS - ok
15:37:00.0700 2984 bkgrynvj - ok
15:37:00.0731 2984 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:37:00.0731 2984 blbdrive - ok
15:37:00.0825 2984 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:37:00.0840 2984 Bonjour Service - ok
15:37:00.0887 2984 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:37:00.0887 2984 bowser - ok
15:37:00.0949 2984 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:37:00.0949 2984 BrFiltLo - ok
15:37:00.0965 2984 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:37:00.0965 2984 BrFiltUp - ok
15:37:01.0012 2984 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
15:37:01.0012 2984 Browser - ok
15:37:01.0012 2984 brqnibiq - ok
15:37:01.0043 2984 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:37:01.0043 2984 Brserid - ok
15:37:01.0074 2984 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:37:01.0090 2984 BrSerWdm - ok
15:37:01.0105 2984 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:37:01.0105 2984 BrUsbMdm - ok
15:37:01.0121 2984 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:37:01.0137 2984 BrUsbSer - ok
15:37:01.0168 2984 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:37:01.0168 2984 BTHMODEM - ok
15:37:01.0261 2984 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
15:37:01.0261 2984 BUNAgentSvc - ok
15:37:01.0261 2984 cbjmreek - ok
15:37:01.0308 2984 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:37:01.0308 2984 cdfs - ok
15:37:01.0324 2984 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:37:01.0324 2984 cdrom - ok
15:37:01.0356 2984 cdvczbkm - ok
15:37:01.0372 2984 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
15:37:01.0387 2984 CertPropSvc - ok
15:37:01.0418 2984 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
15:37:01.0418 2984 circlass - ok
15:37:01.0450 2984 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
15:37:01.0450 2984 CLFS - ok
15:37:01.0543 2984 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:37:01.0543 2984 clr_optimization_v2.0.50727_32 - ok
15:37:01.0606 2984 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:37:01.0606 2984 clr_optimization_v4.0.30319_32 - ok
15:37:01.0668 2984 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:37:01.0668 2984 CmBatt - ok
15:37:01.0715 2984 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:37:01.0715 2984 cmdide - ok
15:37:01.0746 2984 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:37:01.0746 2984 Compbatt - ok
15:37:01.0746 2984 COMSysApp - ok
15:37:01.0762 2984 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:37:01.0762 2984 crcdisk - ok
15:37:01.0793 2984 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
15:37:01.0793 2984 Crusoe - ok
15:37:01.0855 2984 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:37:01.0855 2984 CryptSvc - ok
15:37:01.0871 2984 cuybmpcq - ok
15:37:01.0886 2984 cxtarluf - ok
15:37:01.0949 2984 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:37:01.0964 2984 DcomLaunch - ok
15:37:01.0980 2984 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:37:01.0980 2984 DfsC - ok
15:37:02.0089 2984 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
15:37:02.0136 2984 DFSR - ok
15:37:02.0152 2984 dgkupvxr - ok
15:37:02.0198 2984 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
15:37:02.0214 2984 Dhcp - ok
15:37:02.0214 2984 dhomzlpo - ok
15:37:02.0261 2984 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
15:37:02.0261 2984 disk - ok
15:37:02.0308 2984 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:37:02.0308 2984 Dnscache - ok
15:37:02.0323 2984 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
15:37:02.0339 2984 dot3svc - ok
15:37:02.0354 2984 dpjqrnkw - ok
15:37:02.0401 2984 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
15:37:02.0401 2984 DPS - ok
15:37:02.0417 2984 DritekPortIO - ok
15:37:02.0464 2984 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:37:02.0464 2984 drmkaud - ok
15:37:02.0510 2984 dvinguwj - ok
15:37:02.0573 2984 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:37:02.0588 2984 DXGKrnl - ok
15:37:02.0620 2984 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
15:37:02.0620 2984 E1G60 - ok
15:37:02.0666 2984 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
15:37:02.0666 2984 EapHost - ok
15:37:02.0682 2984 ebfgapfz - ok
15:37:02.0744 2984 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
15:37:02.0744 2984 Ecache - ok
15:37:02.0760 2984 egxmgzqs - ok
15:37:02.0822 2984 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:37:02.0822 2984 ehRecvr - ok
15:37:02.0838 2984 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
15:37:02.0854 2984 ehSched - ok
15:37:02.0869 2984 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
15:37:02.0869 2984 ehstart - ok
15:37:02.0900 2984 ekmlgvdv - ok
15:37:02.0916 2984 Scan interrupted by user!
15:37:02.0916 2984 ================ Scan global ===============================
15:37:02.0916 2984 Scan interrupted by user!
15:37:02.0916 2984 ================ Scan MBR ==================================
15:37:02.0916 2984 Scan interrupted by user!
15:37:02.0916 2984 ================ Scan VBR ==================================
15:37:02.0916 2984 Scan interrupted by user!
15:37:02.0916 2984 ============================================================
15:37:02.0916 2984 Scan finished
15:37:02.0916 2984 ============================================================
15:37:02.0932 2264 Detected object count: 0
15:37:02.0932 2264 Actual detected object count: 0
15:37:12.0650 4548 ============================================================
15:37:12.0650 4548 Scan started
15:37:12.0650 4548 Mode: Manual; SigCheck; TDLFS;
15:37:12.0650 4548 ============================================================
15:37:12.0978 4548 ================ Scan system memory ========================
15:37:12.0978 4548 System memory - ok
15:37:12.0978 4548 ================ Scan services =============================
15:37:13.0150 4548 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
15:37:13.0352 4548 ACPI - ok
15:37:13.0462 4548 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:37:13.0477 4548 AdobeARMservice - ok
15:37:13.0524 4548 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:37:13.0555 4548 AdobeFlashPlayerUpdateSvc - ok
15:37:13.0633 4548 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:37:13.0664 4548 adp94xx - ok
15:37:13.0727 4548 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:37:13.0742 4548 adpahci - ok
15:37:13.0789 4548 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:37:13.0805 4548 adpu160m - ok
15:37:13.0836 4548 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:37:13.0852 4548 adpu320 - ok
15:37:13.0898 4548 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:37:13.0930 4548 AeLookupSvc - ok
15:37:13.0976 4548 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
15:37:14.0008 4548 AFD - ok
15:37:14.0008 4548 afwmrqtc - ok
15:37:14.0054 4548 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:37:14.0070 4548 agp440 - ok
15:37:14.0086 4548 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:37:14.0117 4548 aic78xx - ok
15:37:14.0132 4548 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
15:37:14.0195 4548 ALG - ok
15:37:14.0226 4548 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
15:37:14.0242 4548 aliide - ok
15:37:14.0273 4548 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:37:14.0288 4548 amdagp - ok
15:37:14.0304 4548 amdcsfmn - ok
15:37:14.0320 4548 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
15:37:14.0335 4548 amdide - ok
15:37:14.0366 4548 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:37:14.0413 4548 AmdK7 - ok
15:37:14.0444 4548 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:37:14.0491 4548 AmdK8 - ok
15:37:14.0522 4548 [ 0ED1A5B7A8AE5939A92EA1EC39E16D21 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
15:37:14.0600 4548 ApfiltrService - ok
15:37:14.0647 4548 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
15:37:14.0663 4548 Appinfo - ok
15:37:14.0678 4548 aqkhnymt - ok
15:37:14.0710 4548 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
15:37:14.0725 4548 arc - ok
15:37:14.0741 4548 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:37:14.0756 4548 arcsas - ok
15:37:14.0772 4548 ashqevxg - ok
15:37:14.0772 4548 asrwumcr - ok
15:37:14.0788 4548 assfgepf - ok
15:37:14.0819 4548 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:37:14.0866 4548 AsyncMac - ok
15:37:14.0881 4548 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
15:37:14.0897 4548 atapi - ok
15:37:14.0928 4548 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:37:14.0990 4548 AudioEndpointBuilder - ok
15:37:15.0006 4548 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:37:15.0053 4548 Audiosrv - ok
15:37:15.0068 4548 azimzwac - ok
15:37:15.0146 4548 [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
15:37:15.0193 4548 BCM43XX - ok
15:37:15.0256 4548 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
15:37:15.0302 4548 Beep - ok
15:37:15.0349 4548 [ D3E6D78285529962349A7F1617035938 ] BFE C:\Windows\System32\bfe.dll
15:37:15.0396 4548 BFE - ok
15:37:15.0412 4548 bhckyxba - ok
15:37:15.0458 4548 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll
15:37:15.0646 4548 BITS - ok
15:37:15.0661 4548 bkgrynvj - ok
15:37:15.0692 4548 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:37:15.0739 4548 blbdrive - ok
15:37:15.0802 4548 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:37:15.0833 4548 Bonjour Service - ok
15:37:15.0848 4548 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:37:15.0880 4548 bowser - ok
15:37:15.0958 4548 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:37:16.0004 4548 BrFiltLo - ok
15:37:16.0036 4548 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:37:16.0067 4548 BrFiltUp - ok
15:37:16.0098 4548 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
15:37:16.0160 4548 Browser - ok
15:37:16.0160 4548 brqnibiq - ok
15:37:16.0207 4548 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:37:16.0270 4548 Brserid - ok
15:37:16.0301 4548 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:37:16.0394 4548 BrSerWdm - ok
15:37:16.0457 4548 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:37:16.0535 4548 BrUsbMdm - ok
15:37:16.0566 4548 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:37:16.0644 4548 BrUsbSer - ok
15:37:16.0675 4548 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:37:16.0816 4548 BTHMODEM - ok
15:37:16.0894 4548 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
15:37:16.0894 4548 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning
15:37:16.0894 4548 BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)
15:37:16.0909 4548 cbjmreek - ok
15:37:16.0925 4548 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:37:16.0972 4548 cdfs - ok
15:37:17.0034 4548 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:37:17.0065 4548 cdrom - ok
15:37:17.0081 4548 cdvczbkm - ok
15:37:17.0096 4548 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
15:37:17.0143 4548 CertPropSvc - ok
15:37:17.0174 4548 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
15:37:17.0237 4548 circlass - ok
15:37:17.0268 4548 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
15:37:17.0299 4548 CLFS - ok
15:37:17.0377 4548 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:37:17.0393 4548 clr_optimization_v2.0.50727_32 - ok
15:37:17.0440 4548 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:37:17.0455 4548 clr_optimization_v4.0.30319_32 - ok
15:37:17.0486 4548 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:37:17.0533 4548 CmBatt - ok
15:37:17.0564 4548 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:37:17.0580 4548 cmdide - ok
15:37:17.0611 4548 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:37:17.0627 4548 Compbatt - ok
15:37:17.0627 4548 COMSysApp - ok
15:37:17.0642 4548 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:37:17.0658 4548 crcdisk - ok
15:37:17.0689 4548 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
15:37:17.0736 4548 Crusoe - ok
15:37:17.0783 4548 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:37:17.0845 4548 CryptSvc - ok
15:37:17.0845 4548 cuybmpcq - ok
15:37:17.0861 4548 cxtarluf - ok
15:37:17.0939 4548 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:37:17.0970 4548 DcomLaunch - ok
15:37:18.0001 4548 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:37:18.0032 4548 DfsC - ok
15:37:18.0110 4548 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
15:37:18.0220 4548 DFSR - ok
15:37:18.0235 4548 dgkupvxr - ok
15:37:18.0282 4548 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
15:37:18.0329 4548 Dhcp - ok
15:37:18.0329 4548 dhomzlpo - ok
15:37:18.0360 4548 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
15:37:18.0376 4548 disk - ok
15:37:18.0407 4548 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:37:18.0438 4548 Dnscache - ok
15:37:18.0454 4548 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
15:37:18.0500 4548 dot3svc - ok
15:37:18.0516 4548 dpjqrnkw - ok
15:37:18.0547 4548 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
15:37:18.0610 4548 DPS - ok
15:37:18.0610 4548 DritekPortIO - ok
15:37:18.0641 4548 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:37:18.0688 4548 drmkaud - ok
15:37:18.0703 4548 dvinguwj - ok
15:37:18.0766 4548 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:37:18.0797 4548 DXGKrnl - ok
15:37:18.0844 4548 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
15:37:18.0906 4548 E1G60 - ok
15:37:18.0953 4548 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
15:37:18.0984 4548 EapHost - ok
15:37:19.0000 4548 ebfgapfz - ok
15:37:19.0031 4548 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
15:37:19.0046 4548 Ecache - ok
15:37:19.0046 4548 egxmgzqs - ok
15:37:19.0124 4548 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:37:19.0140 4548 ehRecvr - ok
15:37:19.0171 4548 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
15:37:19.0187 4548 ehSched - ok
15:37:19.0234 4548 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
15:37:19.0265 4548 ehstart - ok
15:37:19.0280 4548 ekmlgvdv - ok
15:37:19.0312 4548 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:37:19.0343 4548 elxstor - ok
15:37:19.0405 4548 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
15:37:19.0436 4548 EMDMgmt - ok
15:37:19.0499 4548 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:37:19.0561 4548 ErrDev - ok
15:37:19.0624 4548 [ 4D06D9A26227AC485305133916888DF1 ] ETService C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
15:37:19.0624 4548 ETService ( UnsignedFile.Multi.Generic ) - warning
15:37:19.0624 4548 ETService - detected UnsignedFile.Multi.Generic (1)
15:37:19.0686 4548 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
15:37:19.0748 4548 EventSystem - ok
15:37:19.0811 4548 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
15:37:19.0858 4548 exfat - ok
15:37:19.0920 4548 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:37:19.0967 4548 fastfat - ok
15:37:19.0998 4548 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:37:20.0060 4548 fdc - ok
15:37:20.0107 4548 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
15:37:20.0154 4548 fdPHost - ok
15:37:20.0201 4548 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
15:37:20.0279 4548 FDResPub - ok
15:37:20.0294 4548 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:37:20.0310 4548 FileInfo - ok
15:37:20.0357 4548 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:37:20.0388 4548 Filetrace - ok
15:37:20.0450 4548 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:37:20.0482 4548 flpydisk - ok
15:37:20.0513 4548 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:37:20.0544 4548 FltMgr - ok
15:37:20.0575 4548 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:37:20.0591 4548 FontCache3.0.0.0 - ok
15:37:20.0591 4548 fpugudpo - ok
15:37:20.0606 4548 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:37:20.0653 4548 Fs_Rec - ok
15:37:20.0669 4548 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:37:20.0700 4548 gagp30kx - ok
15:37:20.0747 4548 [ 5DC17164F66380CBFEFD895C18467773 ] GearAspiWDM C:\Windows\system32\drivers\GEARAspiWDM.sys
15:37:20.0762 4548 GearAspiWDM - ok
15:37:20.0778 4548 ggxxvjrb - ok
15:37:20.0794 4548 gksmkjpj - ok
15:37:20.0809 4548 gnkropup - ok
15:37:20.0825 4548 gnuwogzg - ok
15:37:20.0872 4548 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
15:37:21.0074 4548 gpsvc - ok
15:37:21.0090 4548 gqtapwpm - ok
15:37:21.0230 4548 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca6af498de972d C:\Program Files\Google\Update\GoogleUpdate.exe
15:37:21.0246 4548 gupdate1ca6af498de972d - ok
15:37:21.0293 4548 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:37:21.0308 4548 gupdatem - ok
15:37:21.0355 4548 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:37:21.0371 4548 gusvc - ok
15:37:21.0386 4548 gvcruzyt - ok
15:37:21.0433 4548 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:37:21.0527 4548 HdAudAddService - ok
15:37:21.0542 4548 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:37:21.0574 4548 HDAudBus - ok
15:37:21.0605 4548 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:37:21.0698 4548 HidBth - ok
15:37:21.0745 4548 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:37:21.0823 4548 HidIr - ok
15:37:21.0870 4548 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
15:37:21.0948 4548 hidserv - ok
15:37:21.0995 4548 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:37:22.0026 4548 HidUsb - ok
15:37:22.0057 4548 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:37:22.0104 4548 hkmsvc - ok
15:37:22.0104 4548 hmhwazky - ok
15:37:22.0120 4548 hmzcnucm - ok
15:37:22.0135 4548 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
15:37:22.0166 4548 HpCISSs - ok
15:37:22.0213 4548 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:37:22.0260 4548 HSFHWAZL - ok
15:37:22.0322 4548 [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:37:22.0432 4548 HSF_DPV - ok
15:37:22.0478 4548 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:37:22.0510 4548 HTTP - ok
15:37:22.0510 4548 huotufyo - ok
15:37:22.0556 4548 hwdatacard - ok
15:37:22.0588 4548 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
15:37:22.0603 4548 i2omp - ok
15:37:22.0650 4548 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:37:22.0681 4548 i8042prt - ok
15:37:22.0728 4548 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
15:37:22.0759 4548 iaStorV - ok
15:37:22.0853 4548 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:37:22.0915 4548 idsvc - ok
15:37:23.0227 4548 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
15:37:23.0648 4548 igfx - ok
15:37:23.0695 4548 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:37:23.0711 4548 iirsp - ok
15:37:23.0758 4548 [ 68E8C415E102E5D79FD7E4A765B8CBA4 ] IKEEXT C:\Windows\System32\ikeext.dll
15:37:23.0820 4548 IKEEXT - ok
15:37:23.0882 4548 [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15 C:\Windows\system32\drivers\int15.sys
15:37:23.0898 4548 int15 - ok
15:37:23.0992 4548 [ CF2219A2FED4F8F2E0817A2BF1658799 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:37:24.0116 4548 IntcAzAudAddService - ok
15:37:24.0179 4548 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
15:37:24.0194 4548 intelide - ok
15:37:24.0241 4548 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:37:24.0304 4548 intelppm - ok
15:37:24.0335 4548 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:37:24.0491 4548 IPBusEnum - ok
15:37:24.0569 4548 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:37:24.0631 4548 IpFilterDriver - ok
15:37:24.0678 4548 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:37:24.0709 4548 iphlpsvc - ok
15:37:24.0725 4548 IpInIp - ok
15:37:24.0740 4548 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
15:37:24.0787 4548 IPMIDRV - ok
15:37:24.0834 4548 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
15:37:24.0881 4548 IPNAT - ok
15:37:24.0912 4548 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:37:24.0959 4548 IRENUM - ok
15:37:24.0990 4548 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:37:25.0006 4548 isapnp - ok
15:37:25.0037 4548 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:37:25.0052 4548 iScsiPrt - ok
15:37:25.0084 4548 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
15:37:25.0099 4548 iteatapi - ok
15:37:25.0146 4548 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
15:37:25.0162 4548 iteraid - ok
15:37:25.0177 4548 iugnudez - ok
15:37:25.0271 4548 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
15:37:25.0286 4548 IviRegMgr - ok
15:37:25.0302 4548 jmzsylmz - ok
15:37:25.0318 4548 jnbosovs - ok
15:37:25.0318 4548 jyftkbgr - ok
15:37:25.0349 4548 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:37:25.0364 4548 kbdclass - ok
15:37:25.0380 4548 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:37:25.0442 4548 kbdhid - ok
15:37:25.0489 4548 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
15:37:25.0520 4548 KeyIso - ok
15:37:25.0520 4548 klrntvnk - ok
15:37:25.0536 4548 kquxfouq - ok
15:37:25.0552 4548 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:37:25.0583 4548 KSecDD - ok
15:37:25.0630 4548 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
15:37:25.0708 4548 KtmRm - ok
15:37:25.0739 4548 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:37:25.0801 4548 LanmanServer - ok
15:37:25.0848 4548 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:37:25.0879 4548 LanmanWorkstation - ok
15:37:25.0895 4548 lfssgnvy - ok
15:37:25.0910 4548 lguaqttw - ok
15:37:25.0988 4548 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:37:26.0020 4548 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:37:26.0020 4548 LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:37:26.0035 4548 lksnseyp - ok
15:37:26.0066 4548 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:37:26.0113 4548 lltdio - ok
15:37:26.0144 4548 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:37:26.0222 4548 lltdsvc - ok
15:37:26.0254 4548 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:37:26.0332 4548 lmhosts - ok
15:37:26.0332 4548 loctzsie - ok
15:37:26.0347 4548 lpptswil - ok
15:37:26.0347 4548 lqybegeo - ok
15:37:26.0378 4548 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:37:26.0394 4548 LSI_FC - ok
15:37:26.0425 4548 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:37:26.0441 4548 LSI_SAS - ok
15:37:26.0472 4548 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:37:26.0488 4548 LSI_SCSI - ok
15:37:26.0504 4548 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
15:37:26.0567 4548 luafv - ok
15:37:26.0598 4548 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:37:26.0613 4548 Mcx2Svc - ok
15:37:26.0660 4548 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
15:37:26.0676 4548 megasas - ok
15:37:26.0723 4548 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
15:37:26.0754 4548 MegaSR - ok
15:37:26.0801 4548 mfjmcbdz - ok
15:37:26.0832 4548 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
15:37:26.0894 4548 MMCSS - ok
15:37:26.0925 4548 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
15:37:26.0988 4548 Modem - ok
15:37:27.0035 4548 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:37:27.0081 4548 monitor - ok
15:37:27.0097 4548 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:37:27.0113 4548 mouclass - ok
15:37:27.0128 4548 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:37:27.0206 4548 mouhid - ok
15:37:27.0237 4548 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
15:37:27.0253 4548 MountMgr - ok
15:37:27.0331 4548 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:37:27.0347 4548 MozillaMaintenance - ok
15:37:27.0362 4548 mpelvrzl - ok
15:37:27.0425 4548 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:37:27.0440 4548 MpFilter - ok
15:37:27.0503 4548 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
15:37:27.0518 4548 mpio - ok
15:37:27.0659 4548 [ A69630D039C38018689190234F866D77 ] MpKsl923e2562 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9DD092A5-6812-4506-9248-127974941C9B}\MpKsl923e2562.sys
15:37:27.0674 4548 MpKsl923e2562 - ok
15:37:27.0705 4548 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:37:27.0737 4548 mpsdrv - ok
15:37:27.0783 4548 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
15:37:27.0861 4548 MpsSvc - ok
15:37:27.0893 4548 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
15:37:27.0908 4548 Mraid35x - ok
15:37:27.0939 4548 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:37:27.0971 4548 MRxDAV - ok
15:37:28.0002 4548 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:37:28.0033 4548 mrxsmb - ok
15:37:28.0064 4548 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:37:28.0080 4548 mrxsmb10 - ok
15:37:28.0111 4548 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:37:28.0127 4548 mrxsmb20 - ok
15:37:28.0142 4548 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
15:37:28.0158 4548 msahci - ok
15:37:28.0205 4548 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:37:28.0220 4548 msdsm - ok
15:37:28.0283 4548 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
15:37:28.0345 4548 MSDTC - ok
15:37:28.0361 4548 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:37:28.0407 4548 Msfs - ok
15:37:28.0470 4548 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:37:28.0485 4548 msisadrv - ok
15:37:28.0517 4548 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:37:28.0579 4548 MSiSCSI - ok
15:37:28.0595 4548 msiserver - ok
15:37:28.0626 4548 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:37:28.0704 4548 MSKSSRV - ok
15:37:28.0782 4548 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:37:28.0797 4548 MsMpSvc - ok
15:37:28.0829 4548 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:37:28.0875 4548 MSPCLOCK - ok
15:37:28.0907 4548 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:37:28.0953 4548 MSPQM - ok
15:37:28.0969 4548 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:37:29.0000 4548 MsRPC - ok
15:37:29.0016 4548 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:37:29.0031 4548 mssmbios - ok
15:37:29.0047 4548 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:37:29.0094 4548 MSTEE - ok
15:37:29.0109 4548 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
15:37:29.0125 4548 Mup - ok
15:37:29.0156 4548 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
15:37:29.0203 4548 napagent - ok
15:37:29.0250 4548 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:37:29.0265 4548 NativeWifiP - ok
15:37:29.0312 4548 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:37:29.0359 4548 NDIS - ok
15:37:29.0375 4548 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:37:29.0406 4548 NdisTapi - ok
15:37:29.0421 4548 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:37:29.0453 4548 Ndisuio - ok
15:37:29.0484 4548 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:37:29.0515 4548 NdisWan - ok
15:37:29.0531 4548 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:37:29.0562 4548 NDProxy - ok
15:37:29.0577 4548 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:37:29.0624 4548 NetBIOS - ok
15:37:29.0640 4548 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:37:29.0687 4548 netbt - ok
15:37:29.0702 4548 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
15:37:29.0733 4548 Netlogon - ok
15:37:29.0765 4548 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
15:37:29.0811 4548 Netman - ok
15:37:29.0843 4548 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
15:37:29.0905 4548 netprofm - ok
15:37:29.0967 4548 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:37:29.0983 4548 NetTcpPortSharing - ok
15:37:30.0061 4548 [ 450D0D2062C54DDA23583A78C0EB63D9 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
15:37:30.0061 4548 Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
15:37:30.0061 4548 Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
15:37:30.0092 4548 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:37:30.0108 4548 nfrd960 - ok
15:37:30.0155 4548 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:37:30.0170 4548 NisDrv - ok
15:37:30.0217 4548 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
15:37:30.0248 4548 NisSrv - ok
15:37:30.0279 4548 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:37:30.0326 4548 NlaSvc - ok
15:37:30.0342 4548 nmakobim - ok
15:37:30.0357 4548 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:37:30.0404 4548 Npfs - ok
15:37:30.0435 4548 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
15:37:30.0482 4548 nsi - ok
15:37:30.0498 4548 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:37:30.0545 4548 nsiproxy - ok
15:37:30.0607 4548 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:37:30.0654 4548 Ntfs - ok
15:37:30.0716 4548 [ CB76F68BA0D57C5D25B538981B1C611C ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
15:37:30.0716 4548 NTIBackupSvc - ok
15:37:30.0747 4548 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
15:37:30.0763 4548 NTIDrvr - ok
15:37:30.0779 4548 [ DF1C10A75DF7E50195FC417F88A33227 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
15:37:30.0794 4548 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
15:37:30.0794 4548 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
15:37:30.0825 4548 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:37:30.0935 4548 ntrigdigi - ok
15:37:30.0997 4548 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
15:37:31.0059 4548 Null - ok
15:37:31.0091 4548 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:37:31.0122 4548 nvraid - ok
15:37:31.0153 4548 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:37:31.0169 4548 nvstor - ok
15:37:31.0184 4548 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:37:31.0215 4548 nv_agp - ok
15:37:31.0215 4548 NwlnkFlt - ok
15:37:31.0231 4548 NwlnkFwd - ok
15:37:31.0247 4548 nzmbgvme - ok
15:37:31.0325 4548 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:37:31.0356 4548 odserv - ok
15:37:31.0418 4548 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:37:31.0496 4548 ohci1394 - ok
15:37:31.0496 4548 ojutlavf - ok
15:37:31.0512 4548 ookslhnv - ok
15:37:31.0527 4548 oqvnraux - ok
15:37:31.0559 4548 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:37:31.0574 4548 ose - ok
15:37:31.0638 4548 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:37:31.0684 4548 p2pimsvc - ok
15:37:31.0716 4548 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
15:37:31.0747 4548 p2psvc - ok
15:37:31.0778 4548 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:37:31.0856 4548 Parport - ok
15:37:31.0872 4548 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:37:31.0887 4548 partmgr - ok
15:37:31.0918 4548 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:37:31.0996 4548 Parvdm - ok
15:37:32.0043 4548 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
15:37:32.0074 4548 PcaSvc - ok
15:37:32.0074 4548 pcbiiwiv - ok
15:37:32.0106 4548 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
15:37:32.0121 4548 pci - ok
15:37:32.0152 4548 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
15:37:32.0168 4548 pciide - ok
15:37:32.0215 4548 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:37:32.0230 4548 pcmcia - ok
15:37:32.0293 4548 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:37:32.0402 4548 PEAUTH - ok
15:37:32.0496 4548 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
15:37:32.0667 4548 pla - ok
15:37:32.0730 4548 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:37:32.0823 4548 PlugPlay - ok
15:37:32.0870 4548 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:37:32.0932 4548 PNRPAutoReg - ok
15:37:32.0964 4548 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:37:33.0057 4548 PNRPsvc - ok
15:37:33.0135 4548 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:37:33.0166 4548 PolicyAgent - ok
15:37:33.0213 4548 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:37:33.0260 4548 PptpMiniport - ok
15:37:33.0260 4548 pqjnmqma - ok
15:37:33.0307 4548 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
15:37:33.0369 4548 Processor - ok
15:37:33.0400 4548 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
15:37:33.0478 4548 ProfSvc - ok
15:37:33.0510 4548 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:37:33.0525 4548 ProtectedStorage - ok
15:37:33.0556 4548 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:37:33.0572 4548 PSched - ok
15:37:33.0572 4548 pyofpkri - ok
15:37:33.0588 4548 qaguxzum - ok
15:37:33.0603 4548 qhqacqdw - ok
15:37:33.0619 4548 qikqudhb - ok
15:37:33.0619 4548 qkvropkb - ok
15:37:33.0697 4548 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:37:33.0806 4548 ql2300 - ok
15:37:33.0900 4548 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:37:33.0915 4548 ql40xx - ok
15:37:33.0915 4548 qpqgvjav - ok
15:37:33.0931 4548 qstzxuhm - ok
15:37:33.0978 4548 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:37:34.0009 4548 QWAVE - ok
15:37:34.0024 4548 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:37:34.0040 4548 QWAVEdrv - ok
15:37:34.0056 4548 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:37:34.0102 4548 RasAcd - ok
15:37:34.0134 4548 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:37:34.0180 4548 RasAuto - ok
15:37:34.0212 4548 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:37:34.0243 4548 Rasl2tp - ok
15:37:34.0290 4548 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
15:37:34.0368 4548 RasMan - ok
15:37:34.0399 4548 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:37:34.0446 4548 RasPppoe - ok
15:37:34.0461 4548 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:37:34.0586 4548 RasSstp - ok
15:37:34.0602 4548 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:37:34.0648 4548 rdbss - ok
15:37:34.0680 4548 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:37:34.0711 4548 RDPCDD - ok
15:37:34.0758 4548 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:37:34.0804 4548 rdpdr - ok
15:37:34.0820 4548 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:37:34.0867 4548 RDPENCDD - ok
15:37:34.0898 4548 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:37:34.0960 4548 RDPWD - ok
15:37:35.0023 4548 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
15:37:35.0038 4548 regi - ok
15:37:35.0070 4548 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:37:35.0116 4548 RemoteAccess - ok
15:37:35.0148 4548 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:37:35.0194 4548 RemoteRegistry - ok
15:37:35.0210 4548 rgxkmttj - ok
15:37:35.0226 4548 rhkplgwu - ok
15:37:35.0241 4548 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:37:35.0272 4548 RpcLocator - ok
15:37:35.0319 4548 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
15:37:35.0366 4548 RpcSs - ok
15:37:35.0366 4548 rpxapolq - ok
15:37:35.0397 4548 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:37:35.0444 4548 rspndr - ok
15:37:35.0475 4548 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
15:37:35.0506 4548 RTL8169 - ok
15:37:35.0506 4548 rulvxbun - ok
15:37:35.0522 4548 saeacjqj - ok
15:37:35.0538 4548 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
15:37:35.0553 4548 SamSs - ok
15:37:35.0584 4548 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:37:35.0600 4548 sbp2port - ok
15:37:35.0631 4548 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:37:35.0709 4548 SCardSvr - ok
15:37:35.0772 4548 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
15:37:35.0818 4548 Schedule - ok
15:37:35.0850 4548 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
15:37:35.0896 4548 SCPolicySvc - ok
15:37:35.0928 4548 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:37:35.0974 4548 SDRSVC - ok
15:37:35.0974 4548 sdyslqfg - ok
15:37:36.0021 4548 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:37:36.0099 4548 secdrv - ok
15:37:36.0115 4548 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:37:36.0193 4548 seclogon - ok
15:37:36.0193 4548 sejafszk - ok
15:37:36.0224 4548 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
15:37:36.0286 4548 SENS - ok
15:37:36.0333 4548 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:37:36.0411 4548 Serenum - ok
15:37:36.0427 4548 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:37:36.0520 4548 Serial - ok
15:37:36.0552 4548 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:37:36.0598 4548 sermouse - ok
15:37:36.0645 4548 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:37:36.0692 4548 SessionEnv - ok
15:37:36.0723 4548 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:37:36.0754 4548 sffdisk - ok
15:37:36.0770 4548 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:37:36.0832 4548 sffp_mmc - ok
15:37:36.0895 4548 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:37:36.0926 4548 sffp_sd - ok
15:37:36.0942 4548 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:37:37.0035 4548 sfloppy - ok
15:37:37.0098 4548 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:37:37.0176 4548 SharedAccess - ok
15:37:37.0207 4548 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:37:37.0238 4548 ShellHWDetection - ok
15:37:37.0269 4548 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:37:37.0285 4548 sisagp - ok
15:37:37.0316 4548 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:37:37.0332 4548 SiSRaid2 - ok
15:37:37.0363 4548 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:37:37.0394 4548 SiSRaid4 - ok
15:37:37.0472 4548 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
15:37:37.0488 4548 SkypeUpdate - ok
15:37:37.0597 4548 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
15:37:37.0846 4548 slsvc - ok
15:37:37.0878 4548 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:37:37.0924 4548 SLUINotify - ok
15:37:37.0956 4548 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:37:38.0002 4548 Smb - ok
15:37:38.0018 4548 smdnbrfu - ok
15:37:38.0049 4548 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:37:38.0080 4548 SNMPTRAP - ok
15:37:38.0096 4548 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
15:37:38.0112 4548 spldr - ok
15:37:38.0143 4548 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
15:37:38.0158 4548 Spooler - ok
15:37:38.0190 4548 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:37:38.0221 4548 srv - ok
15:37:38.0252 4548 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:37:38.0268 4548 srv2 - ok
15:37:38.0283 4548 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:37:38.0314 4548 srvnet - ok
15:37:38.0346 4548 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:37:38.0392 4548 SSDPSRV - ok
15:37:38.0439 4548 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:37:38.0455 4548 SstpSvc - ok
15:37:38.0502 4548 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
15:37:38.0548 4548 stisvc - ok
15:37:38.0548 4548 sukifpdx - ok
15:37:38.0595 4548 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:37:38.0611 4548 swenum - ok
15:37:38.0673 4548 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:37:38.0720 4548 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:37:38.0720 4548 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:37:38.0767 4548 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
15:37:38.0860 4548 swprv - ok
15:37:38.0907 4548 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:37:38.0923 4548 Symc8xx - ok
15:37:38.0954 4548 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:37:38.0970 4548 Sym_hi - ok
15:37:39.0001 4548 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:37:39.0016 4548 Sym_u3 - ok
15:37:39.0063 4548 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
15:37:39.0141 4548 SysMain - ok
15:37:39.0141 4548 szfeofbd - ok
15:37:39.0157 4548 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:37:39.0204 4548 TabletInputService - ok
15:37:39.0266 4548 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
15:37:39.0313 4548 TapiSrv - ok
15:37:39.0328 4548 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:37:39.0375 4548 TBS - ok
15:37:39.0438 4548 [ 6216A954ED7045B62880A92D6C9B9FC7 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:37:39.0484 4548 Tcpip - ok
15:37:39.0516 4548 [ 6216A954ED7045B62880A92D6C9B9FC7 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:37:39.0562 4548 Tcpip6 - ok
15:37:39.0594 4548 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:37:39.0625 4548 tcpipreg - ok
15:37:39.0656 4548 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:37:39.0703 4548 TDPIPE - ok
15:37:39.0734 4548 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:37:39.0765 4548 TDTCP - ok
15:37:39.0796 4548 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:37:39.0828 4548 tdx - ok
15:37:39.0874 4548 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:37:39.0890 4548 TermDD - ok
15:37:39.0921 4548 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
15:37:40.0030 4548 TermService - ok
15:37:40.0062 4548 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
15:37:40.0077 4548 Themes - ok
15:37:40.0108 4548 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:37:40.0140 4548 THREADORDER - ok
15:37:40.0171 4548 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:37:40.0249 4548 TrkWks - ok
15:37:40.0296 4548 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:37:40.0342 4548 TrustedInstaller - ok
15:37:40.0374 4548 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:37:40.0436 4548 tssecsrv - ok
15:37:40.0498 4548 [ 195664ACFB0DD5A296672E0A7B20F380 ] TuneUp.Defrag C:\Windows\System32\TuneUpDefragService.exe
15:37:40.0530 4548 TuneUp.Defrag - ok
15:37:40.0576 4548 [ F21C3B0BD8CF9509CBB333001BC6C24D ] TuneUp.ProgramStatisticsSvc C:\Windows\System32\TUProgSt.exe
15:37:40.0623 4548 TuneUp.ProgramStatisticsSvc - ok
15:37:40.0670 4548 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:37:40.0686 4548 tunmp - ok
15:37:40.0701 4548 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:37:40.0717 4548 tunnel - ok
15:37:40.0748 4548 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:37:40.0764 4548 uagp35 - ok
15:37:40.0795 4548 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
15:37:40.0810 4548 UBHelper - ok
15:37:40.0842 4548 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:37:40.0888 4548 udfs - ok
15:37:40.0904 4548 uepbqtfa - ok
15:37:40.0951 4548 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:37:40.0998 4548 UI0Detect - ok
15:37:41.0013 4548 ujaqhsqy - ok
15:37:41.0044 4548 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:37:41.0076 4548 uliagpkx - ok
15:37:41.0185 4548 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:37:41.0200 4548 uliahci - ok
15:37:41.0247 4548 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:37:41.0263 4548 UlSata - ok
15:37:41.0294 4548 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:37:41.0325 4548 ulsata2 - ok
15:37:41.0356 4548 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:37:41.0403 4548 umbus - ok
15:37:41.0450 4548 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:37:41.0497 4548 upnphost - ok
15:37:41.0544 4548 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:37:41.0590 4548 usbccgp - ok
15:37:41.0606 4548 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:37:41.0685 4548 usbcir - ok
15:37:41.0716 4548 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:37:41.0763 4548 usbehci - ok
15:37:41.0794 4548 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:37:41.0841 4548 usbhub - ok
15:37:41.0872 4548 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:37:41.0950 4548 usbohci - ok
15:37:41.0981 4548 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:37:42.0028 4548 usbprint - ok
15:37:42.0044 4548 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:37:42.0106 4548 USBSTOR - ok
15:37:42.0153 4548 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:37:42.0184 4548 usbuhci - ok
15:37:42.0215 4548 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:37:42.0262 4548 usbvideo - ok
15:37:42.0293 4548 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
15:37:42.0371 4548 UxSms - ok
15:37:42.0418 4548 [ A98E8E3CF1E8375B7E13596DE52F558C ] UxTuneUp C:\Windows\System32\uxtuneup.dll
15:37:42.0434 4548 UxTuneUp - ok
15:37:42.0465 4548 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
15:37:42.0543 4548 vds - ok
15:37:42.0559 4548 vewtcbpb - ok
15:37:42.0605 4548 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:37:42.0637 4548 vga - ok
15:37:42.0652 4548 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:37:42.0699 4548 VgaSave - ok
15:37:42.0699 4548 vhmlfgnv - ok
15:37:42.0730 4548 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:37:42.0746 4548 viaagp - ok
15:37:42.0777 4548 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:37:42.0824 4548 ViaC7 - ok
15:37:42.0871 4548 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
15:37:42.0886 4548 viaide - ok
15:37:42.0886 4548 vildfska - ok
15:37:42.0902 4548 vlqoefga - ok
15:37:42.0917 4548 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:37:42.0933 4548 volmgr - ok
15:37:42.0964 4548 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:37:42.0995 4548 volmgrx - ok
15:37:43.0011 4548 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:37:43.0027 4548 volsnap - ok
15:37:43.0058 4548 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:37:43.0073 4548 vsmraid - ok
15:37:43.0136 4548 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
15:37:43.0261 4548 VSS - ok
15:37:43.0307 4548 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
15:37:43.0370 4548 W32Time - ok
15:37:43.0417 4548 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:37:43.0495 4548 WacomPen - ok
15:37:43.0526 4548 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:37:43.0573 4548 Wanarp - ok
15:37:43.0573 4548 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:37:43.0604 4548 Wanarpv6 - ok
15:37:43.0651 4548 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:37:43.0682 4548 wcncsvc - ok
15:37:43.0697 4548 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:37:43.0775 4548 WcsPlugInService - ok
15:37:43.0822 4548 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
15:37:43.0838 4548 Wd - ok
15:37:43.0869 4548 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:37:43.0900 4548 Wdf01000 - ok
15:37:43.0931 4548 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:37:44.0025 4548 WdiServiceHost - ok
15:37:44.0025 4548 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:37:44.0072 4548 WdiSystemHost - ok
15:37:44.0072 4548 wduvamgn - ok
15:37:44.0119 4548 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
15:37:44.0165 4548 WebClient - ok
15:37:44.0212 4548 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:37:44.0243 4548 Wecsvc - ok
15:37:44.0259 4548 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:37:44.0306 4548 wercplsupport - ok
15:37:44.0353 4548 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
15:37:44.0399 4548 WerSvc - ok
15:37:44.0415 4548 wgriqhda - ok
15:37:44.0415 4548 whqdilhl - ok
15:37:44.0446 4548 wikoztsj - ok
15:37:44.0509 4548 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
15:37:44.0602 4548 winachsf - ok
15:37:44.0649 4548 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:37:44.0665 4548 WinDefend - ok
15:37:44.0680 4548 WinHttpAutoProxySvc - ok
15:37:44.0727 4548 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:37:44.0774 4548 Winmgmt - ok
15:37:44.0852 4548 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
15:37:44.0914 4548 WinRM - ok
15:37:44.0977 4548 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:37:45.0101 4548 Wlansvc - ok
15:37:45.0133 4548 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:37:45.0164 4548 WmiAcpi - ok
15:37:45.0242 4548 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:37:45.0304 4548 wmiApSrv - ok
15:37:45.0382 4548 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:37:45.0445 4548 WMPNetworkSvc - ok
15:37:45.0507 4548 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:37:45.0538 4548 WPCSvc - ok
15:37:45.0554 4548 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:37:45.0601 4548 WPDBusEnum - ok
15:37:45.0616 4548 wpddpvvm - ok
15:37:45.0679 4548 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
15:37:45.0710 4548 WpdUsb - ok
15:37:45.0803 4548 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:37:45.0866 4548 WPFFontCache_v0400 - ok
15:37:45.0866 4548 wpmqlqgd - ok
15:37:45.0897 4548 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:37:45.0928 4548 ws2ifsl - ok
15:37:45.0959 4548 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll
15:37:45.0991 4548 wscsvc - ok
15:37:45.0991 4548 WSearch - ok
15:37:46.0084 4548 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
15:37:46.0225 4548 wuauserv - ok
15:37:46.0318 4548 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:37:46.0365 4548 WUDFRd - ok
15:37:46.0396 4548 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:37:46.0443 4548 wudfsvc - ok
15:37:46.0459 4548 xvysrriv - ok
15:37:46.0474 4548 ycqhnloq - ok
15:37:46.0474 4548 zhhohjdn - ok
15:37:46.0505 4548 zpnnlqgu - ok
15:37:46.0505 4548 ================ Scan global ===============================
15:37:46.0537 4548 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:37:46.0583 4548 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
15:37:46.0615 4548 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
15:37:46.0661 4548 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
15:37:46.0677 4548 [Global] - ok
15:37:46.0677 4548 ================ Scan MBR ==================================
15:37:46.0693 4548 [ EF9CDC51B437D322D54016B68F003416 ] \Device\Harddisk0\DR0
15:37:51.0170 4548 \Device\Harddisk0\DR0 - ok
15:37:51.0310 4548 ================ Scan VBR ==================================
15:37:51.0310 4548 [ 2BA19E89FC27223F78C3776947104B88 ] \Device\Harddisk0\DR0\Partition1
15:37:51.0310 4548 \Device\Harddisk0\DR0\Partition1 - ok
15:37:51.0341 4548 ============================================================
15:37:51.0341 4548 Scan finished
15:37:51.0341 4548 ============================================================
15:37:51.0373 5388 Detected object count: 6
15:37:51.0373 5388 Actual detected object count: 6
15:38:20.0358 5388 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0358 5388 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:38:20.0374 5388 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0374 5388 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:38:20.0374 5388 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0374 5388 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:38:20.0374 5388 Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0374 5388 Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:38:20.0374 5388 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0374 5388 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:38:20.0390 5388 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:38:20.0390 5388 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

04.07.2013, 15:08   #14
markusg
/// Malware-holic
 
Hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

04.07.2013, 15:34   #15
Connemara
 
Combofix Logfile:
Code:
ComboFix 13-07-04.01 - Hanna 04.07.2013  16:19:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3001.1241 [GMT 2:00]
ausgeführt von:: c:\users\Hanna\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\users\Hanna\AppData\Roaming\14001.004
c:\users\Hanna\AppData\Roaming\14001.004\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.004\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.004\install.rdf
c:\users\Hanna\AppData\Roaming\14001.005
c:\users\Hanna\AppData\Roaming\14001.005\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.005\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.005\install.rdf
c:\users\Hanna\AppData\Roaming\14001.006
c:\users\Hanna\AppData\Roaming\14001.006\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.006\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.006\install.rdf
c:\users\Hanna\AppData\Roaming\14001.008
c:\users\Hanna\AppData\Roaming\14001.008\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.008\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.008\install.rdf
c:\users\Hanna\AppData\Roaming\14001.009
c:\users\Hanna\AppData\Roaming\14001.009\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.009\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.009\install.rdf
c:\users\Hanna\AppData\Roaming\14001.010
c:\users\Hanna\AppData\Roaming\14001.010\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.010\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.010\install.rdf
c:\users\Hanna\AppData\Roaming\14001.011
c:\users\Hanna\AppData\Roaming\14001.011\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.011\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.011\install.rdf
c:\users\Hanna\AppData\Roaming\14001.012
c:\users\Hanna\AppData\Roaming\14001.012\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.012\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.012\install.rdf
c:\users\Hanna\AppData\Roaming\14001.016
c:\users\Hanna\AppData\Roaming\14001.016\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.016\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.016\install.rdf
c:\users\Hanna\AppData\Roaming\14001.017
c:\users\Hanna\AppData\Roaming\14001.017\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.017\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.017\install.rdf
c:\users\Hanna\AppData\Roaming\14001.018
c:\users\Hanna\AppData\Roaming\14001.018\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.018\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.018\install.rdf
c:\users\Hanna\AppData\Roaming\14001.019
c:\users\Hanna\AppData\Roaming\14001.019\chrome.manifest
c:\users\Hanna\AppData\Roaming\14001.019\components\AcroFF.txt
c:\users\Hanna\AppData\Roaming\14001.019\components\AcroFF019.dll
c:\users\Hanna\AppData\Roaming\14001.019\install.rdf
c:\users\Hanna\AppData\Roaming\AcroIEHelpe.txt
c:\users\Hanna\AppData\Roaming\i9p06hy1.default.tmp
c:\users\Hanna\AppData\Roaming\Qaifu\soidl.exe
c:\users\Hanna\AppData\Roaming\srvblck5.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-04 bis 2013-07-04  ))))))))))))))))))))))))))))))
.
.
2013-07-04 14:28 . 2013-07-04 14:28	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-07-04 14:28 . 2013-07-04 14:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-04 12:58 . 2013-07-04 12:58	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DD092A5-6812-4506-9248-127974941C9B}\MpKsl923e2562.sys
2013-07-04 12:47 . 2013-07-04 12:54	--------	dc----w-	C:\_OTL
2013-07-04 11:04 . 2013-06-12 04:18	7068072	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DD092A5-6812-4506-9248-127974941C9B}\mpengine.dll
2013-07-02 21:51 . 2013-06-12 04:18	7068072	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-27 07:56 . 2013-07-01 18:57	--------	d-----w-	c:\program files\Mozilla Thunderbird
2013-06-21 08:50 . 2013-06-21 08:46	724464	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94E0AFD7-D92C-462B-8B3A-748C25C1395D}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 11:25 . 2013-04-14 14:13	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-12 11:25 . 2011-08-18 18:00	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-26 10:30 . 2011-04-01 14:18	724464	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:28 . 2009-10-11 18:23	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-02-16 00:34 . 2012-02-11 08:48	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-11-09 17:38	2331672	-c--a-w-	c:\program files\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Hanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Hanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Hanna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-18 68856]
"FilterHost"="c:\users\Hanna\AppData\Roaming\mmserver\FilterHost.exe" [2010-01-18 827392]
"SearchEngineProtection"="c:\program files\Gamesbar\SearchEngineProtection.exe" [2010-07-05 544768]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6244896]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-05-09 49152]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-06 1848648]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe /Autostart [2010-3-22 1540096]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 67016256
*NewlyCreated* - MPKSL923E2562
*Deregistered* - 67016256
*Deregistered* - ugloipog
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-14 11:25]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 21:49]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 21:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0209&m=e720
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Hanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C5DE2AF7-7FDA-4FA8-87BF-290CD98962D2}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\i9p06hy1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?rls=ig
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
HKCU-Run-NvCplDaemonTool - c:\users\Hanna\floadu1C.dll
HKCU-Run-{0C6A3A70-0304-0E2A-A1CE-9AA25A0A27EE} - c:\users\Hanna\AppData\Roaming\Qaifu\soidl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-07-04 16:28
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\Hanna\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-04  16:31:12
ComboFix-quarantined-files.txt  2013-07-04 14:31
.
Vor Suchlauf: 11 Verzeichnis(se), 211.392.888.832 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 211.360.600.064 Bytes frei
.
- - End Of File - - 00CCBA36B1CE9CE7DFE942B7DA9CFB6E
         
