Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht (https://www.trojaner-board.de/106770-staendig-oeffnet-weisses-ie-fenster-trojan-generic-6779472-gefunden-outlook-funktioniert.html)

interaktion 23.12.2011 03:30
Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht
 
Hallo,

nachdem sich bei mir seit heute ständig ein neues, weißes Fenster vom IE 9 öffnet, dachte ich, ich könnte mit BitDefender ja mal eine Tiefe Systemprüfung ausführen. Gesagt, getan. Gefunden wurde in meinem Outlook Mail Archiv dieses Ding da:

Trojan.Generic.6779472

Entfernen ging nicht, ignorieren wollte ich nicht und da ich nicht richtig gelesen habe, verschob ich das Ding in die Quarantäne (also das gesamte eMail-Archiv). Seitdem startet mein Outlook nicht mehr, es erscheint folgende Meldung:

Der Ordner kann nicht angezeigt werden. Auf den angegebenen Ordnerspeicherort kann von Microsoft Office Outlook nicht zugegriffen werden. Die Messaging-Programmschnittstelle hat einen unbekannten Fehler zurückgeliefert. Falls das Problem weiter besteht, starten Sie Outlook neu. Dieses Element kann von Outlook nicht geöffnet werden. Das Element ist möglicherweise beschädigt.

.pst Datei irgendwie beschädigt, nehme ich an, nachdem ich so ein bisschen gegoogled und allerlei Dinge ausprobiert hab.

Schritt 2 war ein Scann mit Malwarebytes, fand nichts. Dieser wiederum blockiert nun ständig eine schädliche Website mit der IP:

82.98.97.183 (und diversen anderen Endziffern).

defogger hat mich nicht gefragt, ob ich neu starten möchte, obwohl ich alles wie in der Anleitung beschrieben ausgeführt habe.

defogger_disable Log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 03:14 on 23/12/2011 (Blubb)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-OTL Logfile:
Code:
OTL logfile created on: 12/23/2011 3:24:55 AM - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Blubb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.87 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 57.50% Memory free
11.73 Gb Paging File | 8.86 Gb Available in Paging File | 75.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.55 Gb Total Space | 725.71 Gb Free Space | 79.09% Space Free | Partition Type: NTFS
Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
 
Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
PRC - [2011/12/10 12:53:44 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/12/08 21:15:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2011/12/08 21:15:20 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/01 09:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/08 21:15:20 | 000,108,320 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
MOD - [2011/12/08 21:15:20 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
MOD - [2011/10/13 08:06:52 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 08:01:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 08:01:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 08:01:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 08:01:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 08:00:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 08:00:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 08:00:55 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 08:00:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/06 04:54:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/05/19 05:37:01 | 000,409,672 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/03/24 11:43:38 | 002,299,656 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV:64bit: - [2010/03/12 15:42:40 | 000,393,728 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2009/10/19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. hxxp://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/24 13:13:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/06/19 02:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/19 05:37:12 | 000,089,680 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/22 02:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/22 13:57:54 | 000,347,336 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2010/01/29 13:47:04 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Blubb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
 
 
O1 HOSTS File: ([2011/05/29 13:38:12 | 000,434,670 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 14957 more lines...
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DieKuhIstWeg.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863EC08-5BA9-4F6F-A3E8-A201DB2FFA90}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED421C8-E781-4DF8-8530-40B09201897C}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/23 03:23:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2011/12/23 01:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/23 01:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/15 00:36:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/15 00:35:01 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/15 00:35:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/15 00:35:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/15 00:35:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/15 00:35:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/15 00:35:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/15 00:34:59 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/15 00:34:59 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/15 00:34:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/15 00:34:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/15 00:34:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/15 00:31:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/15 00:31:36 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/15 00:31:36 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/12 17:15:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/12/12 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/08 21:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/08 21:31:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/12/08 21:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/08 21:15:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/08 21:15:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/08 21:15:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2011/12/23 03:12:07 | 000,050,477 | ---- | M] () -- C:\Users\Blubb\Desktop\Defogger.exe
[2011/12/23 03:11:49 | 000,000,000 | ---- | M] () -- C:\Users\Blubb\defogger_reenable
[2011/12/23 02:16:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 02:16:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 02:13:18 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/23 02:13:18 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/12/23 02:13:18 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/23 02:13:18 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/12/23 02:13:18 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/23 02:08:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 02:08:44 | 429,191,167 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 02:08:18 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2011/12/23 01:55:57 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/23 01:32:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job
[2011/12/22 22:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job
[2011/12/20 13:29:13 | 002,008,352 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG
[2011/12/17 12:30:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlubb.job
[2011/12/15 10:59:52 | 002,353,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/14 02:39:48 | 000,172,155 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0446.PNG
[2011/12/10 12:53:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/08 21:31:28 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/08 21:15:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/12/08 21:15:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/08 21:15:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/08 21:15:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/06 02:04:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLUBB-NEU$.job
[2011/12/02 23:20:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/23 03:12:07 | 000,050,477 | ---- | C] () -- C:\Users\Blubb\Desktop\Defogger.exe
[2011/12/23 03:11:49 | 000,000,000 | ---- | C] () -- C:\Users\Blubb\defogger_reenable
[2011/12/23 01:55:57 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/20 13:30:58 | 002,008,352 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG
[2011/12/14 19:13:01 | 000,172,155 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0446.PNG
[2011/12/08 21:31:28 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/02 23:20:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2011/08/17 17:21:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/08/17 17:21:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/07/08 20:28:06 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/06/10 14:25:13 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\AppData\Roaming\GhostObjGAFix.xml
[2011/05/29 03:43:33 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/29 03:43:33 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/22 16:27:42 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/21 16:42:01 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011/04/21 15:57:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/06 04:32:35 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/09/21 18:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2011/12/12 17:27:40 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2011/12/23 02:09:34 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2011/12/22 22:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job
[2011/12/23 01:32:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job
[2011/12/05 21:24:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---




OTL Logfile:
Code:
OTL Extras logfile created on: 12/23/2011 3:24:55 AM - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Blubb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.87 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 57.50% Memory free
11.73 Gb Paging File | 8.86 Gb Available in Paging File | 75.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.55 Gb Total Space | 725.71 Gb Free Space | 79.09% Space Free | Partition Type: NTFS
Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
 
Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8D7A8160-B777-4073-B1BE-62CFDD14A1D3}" = BitDefender Antivirus 2010
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"EasyBits Magic Desktop" = Magic Desktop
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mario Forever 5.01" = Mario Forever 5.01
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MusicStationNetstaller" = MusicStation
"My HP Game Console" = HP Game Console
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089303" = Build-a-Lot - The Elizabethan Era
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---



Ich hoffe, ich habe alles richtig gemacht.

cosinus 23.12.2011 18:00
Zitat:
verschob ich das Ding in die Quarantäne (also das gesamte eMail-Archiv). Seitdem startet mein Outlook nicht mehr, es erscheint folgende Meldung:
Deswegen ist es ja auch sinnfrei komplettte PST oder andere Mailboxdateien zu untersuchen.
Man sllte wissen, dass Virenscanner Fehlalarme haben oder gerade bei Postfächern logischerweise einige Anhänge finden können die Schadcode beinhalten. Diese Anhänge liegen aber einfach nur inaktiv in der Mailbox da muss nichts hysterisch sofort gelöscht werden. Stell die Mailboxdatei wieder her und lass sie in Ruhe also nicht mehr vom Virenscanner untersuchen. Wenn man Mails prüfen will mit einem Scanner braucht dieser Scanner extra eine Funktion für E-Mail Scans. Aber auf Dateiebene darauf losgehen kann nur in die Hose gehen!

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

interaktion 23.12.2011 23:55
Hallo,

vielen lieben Dank, dass du dich mir DAU angenommen hast *g. Das sich ständig öffnende Fenster ist seit heute Morgen wundersamerweise nicht mehr aufgetreten. Malwarebytes blockt aber trotzdem weiterhin ab und zu diese IP da.

Outlook.pst hatte ich gestern schon aus der Quarantäne entfernen wollen, was aber nicht funktioniert hat, also wählte ich die Option "zurücksetzen" - danach konnte ich es auch löschen. Outlook ließ sich trotzdem nicht starten und zeigte die genannte Nachricht an. Ich hab dann ein bisschen gegoogled und mit diesem ScanFixpst (oder wie das Ding heißt) versucht, meine .pst Datei zu retten. Sie war aber gar nicht mehr im Verzeichnis! Dann hab ich sie manuell gesucht und sie da reinkopiert... Dann versucht zu "fixen", hat aber trotzdem nicht geholfen... Hilft da noch irgendwas?

Malwarebytes von gerade eben:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122308

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.12.2011 20:22:33
mbam-log-2011-12-23 (20-22-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 411206
Laufzeit: 58 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Malwarebytes von heute Nachmittag:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122307

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.12.2011 16:24:07
mbam-log-2011-12-23 (16-24-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 410959
Laufzeit: 53 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Protection-Log:

Code:
01:56:57        Blubb        MESSAGE        Protection started successfully
01:57:00        Blubb        MESSAGE        IP Protection started successfully
02:05:45        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 52353, Process: svchost.exe)
02:09:27        Blubb        MESSAGE        Protection started successfully
02:09:31        Blubb        MESSAGE        IP Protection started successfully
02:19:41        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49702, Process: svchost.exe)
02:19:41        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49703, Process: svchost.exe)
02:19:41        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49704, Process: svchost.exe)
02:19:41        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49705, Process: svchost.exe)
02:29:42        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50364, Process: svchost.exe)
02:29:42        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50365, Process: svchost.exe)
02:29:42        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 50366, Process: svchost.exe)
02:29:42        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 50367, Process: svchost.exe)
02:39:40        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50993, Process: svchost.exe)
02:39:40        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50994, Process: svchost.exe)
02:39:40        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 50995, Process: svchost.exe)
02:39:40        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 50996, Process: svchost.exe)
02:49:46        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51707, Process: svchost.exe)
02:49:46        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51708, Process: svchost.exe)
02:49:46        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51709, Process: svchost.exe)
02:49:46        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51710, Process: svchost.exe)
02:59:43        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 52650, Process: svchost.exe)
03:09:39        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 53245, Process: svchost.exe)
03:09:39        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 53246, Process: svchost.exe)
03:09:39        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 53247, Process: svchost.exe)
03:09:39        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 53248, Process: svchost.exe)
03:19:41        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 53817, Process: svchost.exe)
03:19:41        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 53818, Process: svchost.exe)
03:19:41        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 53819, Process: svchost.exe)
03:19:41        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 53820, Process: svchost.exe)
03:29:43        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 54246, Process: svchost.exe)
03:29:43        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 54247, Process: svchost.exe)
03:29:43        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 54248, Process: svchost.exe)
03:29:43        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 54249, Process: svchost.exe)
03:39:45        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 54670, Process: svchost.exe)
03:39:45        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 54671, Process: svchost.exe)
03:39:45        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 54672, Process: svchost.exe)
03:39:45        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 54673, Process: svchost.exe)
03:49:46        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 55329, Process: svchost.exe)
03:59:40        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 56028, Process: svchost.exe)
03:59:40        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 56029, Process: svchost.exe)
03:59:40        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 56030, Process: svchost.exe)
03:59:40        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 56031, Process: svchost.exe)
04:09:42        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 57040, Process: svchost.exe)
04:09:42        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 57041, Process: svchost.exe)
04:09:42        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 57042, Process: svchost.exe)
04:09:42        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 57043, Process: svchost.exe)
04:19:44        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 58233, Process: svchost.exe)
04:19:44        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 58234, Process: svchost.exe)
04:19:44        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 58235, Process: svchost.exe)
04:19:44        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 58236, Process: svchost.exe)
04:29:46        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 59060, Process: svchost.exe)
04:29:46        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 59061, Process: svchost.exe)
04:29:46        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 59062, Process: svchost.exe)
04:29:46        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 59063, Process: svchost.exe)
04:39:48        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 59957, Process: svchost.exe)
04:49:43        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 60909, Process: svchost.exe)
04:49:43        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 60910, Process: svchost.exe)
04:49:43        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 60911, Process: svchost.exe)
04:49:43        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 60912, Process: svchost.exe)
04:59:44        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 61410, Process: svchost.exe)
04:59:44        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 61411, Process: svchost.exe)
04:59:45        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 61412, Process: svchost.exe)
04:59:45        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 61413, Process: svchost.exe)
05:09:46        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 62350, Process: svchost.exe)
05:09:47        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 62351, Process: svchost.exe)
05:09:47        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 62352, Process: svchost.exe)
05:09:47        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 62353, Process: svchost.exe)
05:19:48        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 63479, Process: svchost.exe)
05:19:49        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 63480, Process: svchost.exe)
05:19:49        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 63481, Process: svchost.exe)
05:19:49        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 63482, Process: svchost.exe)
05:29:43        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 64508, Process: svchost.exe)
05:39:45        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49417, Process: svchost.exe)
05:39:45        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49418, Process: svchost.exe)
05:39:45        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49419, Process: svchost.exe)
05:39:45        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49420, Process: svchost.exe)
05:49:48        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50494, Process: svchost.exe)
05:49:48        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50495, Process: svchost.exe)
05:49:48        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 50496, Process: svchost.exe)
05:49:48        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 50497, Process: svchost.exe)
11:09:26        Blubb        MESSAGE        Protection started successfully
11:09:29        Blubb        MESSAGE        IP Protection started successfully
11:17:56        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50177, Process: svchost.exe)
11:17:56        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50178, Process: svchost.exe)
11:17:56        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 50179, Process: svchost.exe)
11:17:56        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 50180, Process: svchost.exe)
11:17:56        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50181, Process: svchost.exe)
11:27:57        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50688, Process: svchost.exe)
11:27:57        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 50689, Process: svchost.exe)
11:27:57        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 50690, Process: svchost.exe)
11:27:57        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50691, Process: svchost.exe)
11:27:57        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50692, Process: svchost.exe)
11:37:59        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51060, Process: svchost.exe)
11:37:59        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51061, Process: svchost.exe)
11:37:59        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51062, Process: svchost.exe)
11:37:59        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51063, Process: svchost.exe)
11:37:59        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51064, Process: svchost.exe)
11:48:00        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51425, Process: svchost.exe)
11:48:00        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51426, Process: svchost.exe)
11:48:00        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51427, Process: svchost.exe)
11:48:00        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51428, Process: svchost.exe)
11:48:00        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51429, Process: svchost.exe)
11:58:02        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 51795, Process: svchost.exe)
12:07:57        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 52727, Process: svchost.exe)
12:07:57        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 52728, Process: svchost.exe)
12:07:57        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 52729, Process: svchost.exe)
12:07:57        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 52730, Process: svchost.exe)
12:17:59        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 53407, Process: svchost.exe)
12:17:59        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 53408, Process: svchost.exe)
12:17:59        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 53409, Process: svchost.exe)
12:17:59        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 53410, Process: svchost.exe)
12:28:01        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 54079, Process: svchost.exe)
12:28:01        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 54080, Process: svchost.exe)
12:28:01        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 54081, Process: svchost.exe)
12:28:01        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 54082, Process: svchost.exe)
12:38:02        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 54690, Process: svchost.exe)
12:38:03        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 54691, Process: svchost.exe)
12:38:03        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 54692, Process: svchost.exe)
12:38:03        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 54693, Process: svchost.exe)
12:47:56        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 55266, Process: svchost.exe)
Ansonsten hat Malware bei mir noch nie irgendetwas gefunden; ich installiere das Ding immer nur, wenn ich Probleme habe, nutze ansonsten BitDefender. *g

Und das Ding dauerte ewig, war aber nich länger:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Vielen lieben Dank für deine Hilfe! :)

interaktion 24.12.2011 13:42
Hi Arne,

ganz kurz: Ich bin bis 27.12. nicht zuhause und kann daher auch nicht an meinem PC sein (im Internet schon, aber halt leider nicht mit dem PC, mit dem ich die Schritte ausführen müsste *g).

Ich hoffe, das ist in Ordnung für dich und du machst hier nicht gleich zu.

Frohe Weihnachten dir!

cosinus 24.12.2011 15:14
Zitat:
hat aber trotzdem nicht geholfen... Hilft da noch irgendwas?
Wenn die PST-Datei mit all deinen Mails vom Virenscanner gelöscht wurde und auch nicht mehr in der Qurantäne zu sehen ist, ist sie weg. Und lt. deiner Aussage hast du deine Mails selbst ins Nirvana geschickt:

Zitat:
Outlook.pst hatte ich gestern schon aus der Quarantäne entfernen wollen, was aber nicht funktioniert hat, also wählte ich die Option "zurücksetzen" - danach konnte ich es auch löschen.
Hier würde nur ncoh ein Backup helfen, sofern man denn eins hätte. Daran denken aber viele einfach nicht.


ESET hast du falsch ausgeführt, wahrscheinlich wurde das hier mal wieder überlesen:

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

interaktion 27.12.2011 01:15
Hi,

sorry, ja, das hatte ich tatsächlich überlesen.

Hier:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c186c7f7f169604fbbdbfe10af567a9e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-27 12:14:08
# local_time=2011-12-27 01:14:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 298034 76566155 0 0
# compatibility_mode=8192 67108863 100 0 270769 270769 0 0
# scanned=252611
# found=0
# cleaned=0
# scan_time=8392

cosinus 27.12.2011 16:44
Keine Funde. Wurde nur ein angeblicher Schädling in der Outlook-PST gefunden oder in der Zwischenzeit bzw. Vergangenheit noch woanders?

Ein Backup der PST hast du wohl nicht, d.h. alle Mails sind jetzt weg?

interaktion 27.12.2011 17:06
Nee, hab keine BackUp der pst-Datei gehabt. Habe auch in der Zwischenzeit Office deinstalliert, neu gestartet, bin mit dem CCleaner drüber, damit auch alles weg ist. Office 2010 neu installiert, wieder das gleiche Spielchen, Outlook lässt sich nicht mehr starten, bzw. es startet durchaus, kann allerdings halt keine eMails mehr abrufen. Selbe Meldung.

Alle Mails scheinen weg zu sein. Aber das ist nicht schlimm (zumindest für mich nicht). Ansonsten werden bei mir täglich immer nur Cookie-Dinger gefunden, aber nie was Ernsthaftes. Dieses Trojan-Ding wurde auch nur dieses eine Mal gefunden, weil ich eine "tiefe Systemprüfung" machte. Da wurde das Mail-Archiv einfach automatisch mitüberprüft, denke ich. Ich hab dann a uch nicht recht gelesen und erst hinterher gecheckt, dass es sich um mein ganzes eMail-Archiv handelt, NACHDEM ich es schon in Quarantäne geschoben hatte... Seitdem geht auf jeden Fall nichts mehr. Selbst nach Neuinstallation nicht mehr. Das weiße Fenster öffnet sich nach wie vor ständig, die IPs werden immer noch geblockt. Was kann das sein? Das ist alles sehr seltsam...

:wtf:

----

Ähm, Update: Outlook funktioniert wieder. Habe Bitdefender mal deaktiviert und dann die Datei mit dem ScanDings repariert. Mails sind alle noch da.

cosinus 27.12.2011 17:40
Zitat:
Mails sind alle noch da.
Wurde die PST dann doch nicht gelöscht? Aus der Quarantäne wiederhergestellt?

interaktion 27.12.2011 17:41
Zitat:
Zitat von cosinus (Beitrag 742226)
Wurde die PST dann doch nicht gelöscht? Aus der Quarantäne wiederhergestellt?
Ja, wahrscheinlich. *wunder

Hm. ich <--- DAU.

Was soll ich weiter tun?

cosinus 27.12.2011 17:44
Zitat:
Was soll ich weiter tun?
Ich seh keinen weiteren Anlass was zu tun. Spfern keine Probleme mehr offen sind.

interaktion 27.12.2011 17:47
Hm, na doch, diese komische IP, die geblockt wird. Und eben das mit dem sich ständig öffnenden Fenster... :/

cosinus 28.12.2011 03:07
Du meinst diese IP? => 82.98.97.203 IP Address WHOIS | DomainTools.com

Sagt dir das irgendwas?

interaktion 28.12.2011 15:29
Ja, das sah ich mir auch schon an. Das sagt mir leider überhaupt nichts. Ich hab, soweit ich weiß, auch kein Produkt von dieser Firma auf dem PC (überlegte schon, ob das so ne Nutzungsdatenübertragung wär, was es ja manchmal gibt). Ich benutze keine Cracks, Keygens und nur wenig Freeware-Kram, lade eigentlich nur von chip.de, wenn...

Es kommt sehr selten vor, dass bei mir so viel Chaos auf dem PC ist. ;D

Was weiter tun?

P.S.: Ich hab mal gerade bei der Plus Line AG angerufen, die mir allerdings auch nicht weiterhelfen konnten. Der wird der Sache aber nachgehen, weil das ein Kunde von ihnen ist.

Kann das eigentlich ein privater Angriff gegen mich sein? Dass da irgendeine Privatperson sitzt, die Daten von meinem PC sammelt und mich evtl. kennt? Ich hätte (!) einen Verdacht, es ist aber eigentlich ziemlich abwegig...

Und was bedeutet es, dass svchost.exe auf diese Website zugreift?

interaktion 28.12.2011 19:33
AdAware Log:

Code:
Logfile created: 28.12.2011 16:29:04
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Blubb

*********************** Definitions database information ***********************
Lavasoft definition file: 150.657
Genotype definition file version: 2011/09/21 13:56:01
Extended engine definition file: 11282.0

******************************** Scan results: *********************************
Scan profile name: Full Scan  (ID: full)
Objects scanned: 265958
Objects detected: 37


Type              Detected
==========================
Processes.......:        0
Registry entries:        0
Hostfile entries:        0
Files...........:        0
Folders.........:        0
LSPs............:        0
Cookies.........:      37
Browser hijacks.:        0
MRU objects.....:        0



Removed items:
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *.adform* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409300 Family ID: 0
Description: *revenue* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409138 Family ID: 0
Description: *statistik-gallup* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409367 Family ID: 0
Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0
Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *rambler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408818 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *.comclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409086 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *webstat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409228 Family ID: 0
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0

Scan and cleaning complete: Finished correctly after 9295 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
  ID: folderstoscan, enabled:1, value: C:\,D:\
  ID: useantivirus, enabled:1, value: true
  ID: sections, enabled:1
    ID: scancriticalareas, enabled:1, value: true
    ID: scanrunningapps, enabled:1, value: true
    ID: scanregistry, enabled:1, value: true
    ID: scanlsp, enabled:1, value: true
    ID: scanads, enabled:1, value: true
    ID: scanhostsfile, enabled:1, value: true
    ID: scanmru, enabled:1, value: true
    ID: scanbrowserhijacks, enabled:1, value: true
    ID: scantrackingcookies, enabled:1, value: true
      ID: closebrowsers, enabled:1, value: false
  ID: filescanningoptions, enabled:1
    ID: archives, enabled:1, value: true
    ID: onlyexecutables, enabled:1, value: false
    ID: skiplargerthan, enabled:1, value: 20480
    ID: scanrootkits, enabled:1, value: true
      ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
    ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
  ID: addtocontextmenu, enabled:1, value: true
  ID: playsoundoninfection, enabled:1, value: false
    ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
  ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
  ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: schedules, enabled:1, value: true
    ID: updatedaily1, enabled:1, value: Daily 1
      ID: time, enabled:1, value: Wed Dec 28 16:25:00 2011
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value:
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily2, enabled:1, value: Daily 2
      ID: time, enabled:1, value: Wed Dec 28 22:25:00 2011
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value:
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily3, enabled:1, value: Daily 3
      ID: time, enabled:1, value: Wed Dec 28 04:25:00 2011
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value:
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily4, enabled:1, value: Daily 4
      ID: time, enabled:1, value: Wed Dec 28 10:25:00 2011
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value:
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updateweekly1, enabled:1, value: Weekly
      ID: time, enabled:1, value: Wed Dec 28 16:25:00 2011
      ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: true
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: true
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value:
      ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
  ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
  ID: showtrayicon, enabled:1, value: true
  ID: autoentertainmentmode, enabled:1, value: true
  ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
  ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
  ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
  ID: modules, enabled:1
    ID: processprotection, enabled:1, value: true
    ID: onaccessprotection, enabled:1, value: true
    ID: registryprotection, enabled:1, value: true
    ID: networkprotection, enabled:1, value: true
  ID: layers, enabled:1
    ID: useantivirus, enabled:1, value: true
    ID: usespywareheuristics, enabled:1, value: true
    ID: maintainbackup, enabled:1, value: true


****************************** System information ******************************
Computer name: BLUBB-NEU
Processor name: Intel(R) Core(TM) i3 CPU        550  @ 3.20GHz
Processor identifier: Intel64 Family 6 Model 37 Stepping 5
Processor speed: ~3192MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 9477, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 2477453312 bytes
Physical memory total: 6298877952 bytes
Virtual memory available: 1862717440 bytes
Virtual memory total: 2147352576 bytes
Memory load: 60%
Microsoft  Service Pack 1 (build 7601)
Windows startup mode:

Running processes:
PID: 368 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 532 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 592 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 612 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 660 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 668 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 676 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 804 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 864 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 892 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 964 name: C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 996 name: C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1016 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 648 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1032 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1068 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1304 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1316 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1424 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1676 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1712 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1860 name: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1144 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1324 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1500 name: C:\Windows\SysWOW64\ezSharedSvcHost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1988 name: C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1952 name: C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2052 name: C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2076 name: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2104 name: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2160 name: C:\Program Files (x86)\PDF Complete\pdfsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2296 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 2504 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 2764 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2824 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 2868 name: C:\Windows\System32\WUDFHost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 3460 name: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3524 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3584 name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3644 name: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3724 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3780 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 3936 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 548 name: C:\Windows\System32\taskhost.exe owner: Blubb domain: Blubb-Neu
PID: 2944 name: C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe owner: Blubb domain: Blubb-Neu
PID: 2800 name: C:\Windows\System32\dwm.exe owner: Blubb domain: Blubb-Neu
PID: 3376 name: C:\Windows\explorer.exe owner: Blubb domain: Blubb-Neu
PID: 3928 name: C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe owner: Blubb domain: Blubb-Neu
PID: 1784 name: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe owner: Blubb domain: Blubb-Neu
PID: 1200 name: C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe owner: Blubb domain: Blubb-Neu
PID: 4080 name: C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE owner: Blubb domain: Blubb-Neu
PID: 1796 name: C:\Program Files (x86)\ICQ7.5\ICQ.exe owner: Blubb domain: Blubb-Neu
PID: 1888 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe owner: Blubb domain: Blubb-Neu
PID: 3932 name: C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe owner: Blubb domain: Blubb-Neu
PID: 1216 name: C:\Program Files (x86)\iTunes\iTunesHelper.exe owner: Blubb domain: Blubb-Neu
PID: 3632 name: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE owner: Blubb domain: Blubb-Neu
PID: 1268 name: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe owner: Blubb domain: Blubb-Neu
PID: 3400 name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe owner: Blubb domain: Blubb-Neu
PID: 4128 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 4284 name: C:\Windows\splwow64.exe owner: Blubb domain: Blubb-Neu
PID: 4668 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 4880 name: C:\Windows\System32\WUDFHost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 924 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: Blubb domain: Blubb-Neu
PID: 4140 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: Blubb domain: Blubb-Neu
PID: 3760 name: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 5812 name: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe owner: Blubb domain: Blubb-Neu
PID: 2280 name: C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe owner: Blubb domain: Blubb-Neu
PID: 5504 name: C:\Program Files (x86)\Java\jre6\bin\java.exe owner: Blubb domain: Blubb-Neu
PID: 5772 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 6068 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: Blubb domain: Blubb-Neu
PID: 5768 name: C:\Program Files (x86)\iTunes\iTunes.exe owner: Blubb domain: Blubb-Neu
PID: 4044 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe owner: Blubb domain: Blubb-Neu
PID: 4512 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 3332 name: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe owner: Blubb domain: Blubb-Neu
PID: 4584 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 3264 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe owner: Blubb domain: Blubb-Neu
PID: 5560 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 2436 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe owner: Blubb domain: Blubb-Neu
PID: 4772 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 5160 name: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe owner: Blubb domain: Blubb-Neu
PID: 5276 name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 920 name: C:\Program Files\BitDefender\BitDefender 2010\uiscan.exe owner: Blubb domain: Blubb-Neu
PID: 5292 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: Blubb domain: Blubb-Neu
PID: 5720 name: C:\Windows\servicing\TrustedInstaller.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 6020 name: C:\Windows\System32\msiexec.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 5156 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1196 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 6908 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Blubb domain: Blubb-Neu
PID: 3516 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3112 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 6456 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: Blubb domain: Blubb-Neu

Startup items:
Name: WebCheck
          imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: IAStorIcon
          imagepath: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Name: HP Software Update
          imagepath: c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Name: PDF Complete
          imagepath: C:\Program Files (x86)\PDF Complete\pdfsty.exe
Name: Norton Online Backup
          imagepath: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Name: Easybits Recovery
          imagepath: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
Name: Adobe ARM
          imagepath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: APSDaemon
          imagepath: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Name: iTunesHelper
          imagepath: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Name: QuickTime Task
          imagepath: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Name: CanonSolutionMenuEx
          imagepath: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
Name: SunJavaUpdateSched
          imagepath: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Name: Malwarebytes' Anti-Malware
          imagepath: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Name:
          imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
          location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
          imagepath: C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

Bootexecute items:
Name:
          imagepath: autocheck autochk *

Running services:
Name: AdobeARMservice
          displayname: Adobe Acrobat Update Service
Name: AeLookupSvc
          displayname: Anwendungserfahrung
Name: Appinfo
          displayname: Anwendungsinformationen
Name: Apple Mobile Device
          displayname: Apple Mobile Device
Name: AudioEndpointBuilder
          displayname: Windows-Audio-Endpunkterstellung
Name: AudioSrv
          displayname: Windows-Audio
Name: BFE
          displayname: Basisfiltermodul
Name: BITS
          displayname: Intelligenter Hintergrundübertragungsdienst
Name: Bonjour Service
          displayname: Dienst "Bonjour"
Name: CryptSvc
          displayname: Kryptografiedienste
Name: DcomLaunch
          displayname: DCOM-Server-Prozessstart
Name: Dhcp
          displayname: DHCP-Client
Name: Dnscache
          displayname: DNS-Client
Name: DPS
          displayname: Diagnoserichtliniendienst
Name: eventlog
          displayname: Windows-Ereignisprotokoll
Name: EventSystem
          displayname: COM+-Ereignissystem
Name: ezSharedSvc
          displayname: Easybits Services for Windows
Name: FontCache
          displayname: Windows-Dienst für Schriftartencache
Name: FontCache3.0.0.0
          displayname: Windows Presentation Foundation-Schriftartcache 3.0.0.0
Name: gpsvc
          displayname: Gruppenrichtlinienclient
Name: hidserv
          displayname: Zugriff auf Eingabegeräte
Name: HP Support Assistant Service
          displayname: HP Support Assistant Service
Name: HPClientSvc
          displayname: HP Client Services
Name: HPDrvMntSvc.exe
          displayname: HP Quick Synchronization Service
Name: IAStorDataMgrSvc
          displayname: Intel(R) Rapid Storage Technology
Name: IKEEXT
          displayname: IKE- und AuthIP IPsec-Schlüsselerstellungsmodule
Name: iphlpsvc
          displayname: IP-Hilfsdienst
Name: iPod Service
          displayname: iPod-Dienst
Name: LanmanServer
          displayname: Server
Name: LanmanWorkstation
          displayname: Arbeitsstationsdienst
Name: LightScribeService
          displayname: LightScribeService Direct Disc Labeling Service
Name: LIVESRV
          displayname: BitDefender Desktop Update Service
Name: lmhosts
          displayname: TCP/IP-NetBIOS-Hilfsdienst
Name: LMS
          displayname: Intel(R) Management and Security Application Local Management Service
Name: MBAMService
          displayname: MBAMService
Name: MMCSS
          displayname: Multimediaklassenplaner
Name: MpsSvc
          displayname: Windows-Firewall
Name: msiserver
          displayname: Windows Installer
Name: Netman
          displayname: Netzwerkverbindungen
Name: netprofm
          displayname: Netzwerklistendienst
Name: NlaSvc
          displayname: NLA (Network Location Awareness)
Name: NOBU
          displayname: Norton Online Backup
Name: nsi
          displayname: Netzwerkspeicher-Schnittstellendienst
Name: nvsvc
          displayname: NVIDIA Display Driver Service
Name: osppsvc
          displayname: Office Software Protection Platform
Name: PcaSvc
          displayname: Programmkompatibilitäts-Assistent-Dienst
Name: pdfcDispatcher
          displayname: PDF Document Manager
Name: PlugPlay
          displayname: Plug & Play
Name: PolicyAgent
          displayname: IPsec-Richtlinien-Agent
Name: Power
          displayname: Stromversorgung
Name: ProfSvc
          displayname: Benutzerprofildienst
Name: ProtectedStorage
          displayname: Geschützter Speicher
Name: RasMan
          displayname: RAS-Verbindungsverwaltung
Name: RpcEptMapper
          displayname: RPC-Endpunktzuordnung
Name: RpcSs
          displayname: Remoteprozeduraufruf (RPC)
Name: SamSs
          displayname: Sicherheitskonto-Manager
Name: Schedule
          displayname: Aufgabenplanung
Name: SENS
          displayname: Benachrichtigungsdienst für Systemereignisse
Name: ShellHWDetection
          displayname: Shellhardwareerkennung
Name: Spooler
          displayname: Druckwarteschlange
Name: SSDPSRV
          displayname: SSDP-Suche
Name: SstpSvc
          displayname: SSTP-Dienst
Name: stisvc
          displayname: Windows-Bilderfassung (WIA)
Name: swprv
          displayname: Microsoft-Softwareschattenkopie-Anbieter
Name: SysMain
          displayname: Superfetch
Name: TapiSrv
          displayname: Telefonie
Name: Themes
          displayname: Designs
Name: TrkWks
          displayname: Überwachung verteilter Verknüpfungen (Client)
Name: TrustedInstaller
          displayname: Windows Modules Installer
Name: UNS
          displayname: Intel(R) Management & Security Application User Notification Service
Name: upnphost
          displayname: UPnP-Gerätehost
Name: UxSms
          displayname: Sitzungs-Manager für Desktopfenster-Manager
Name: VSSERV
          displayname: BitDefender Virus Shield
Name: WdiServiceHost
          displayname: Diagnosediensthost
Name: WinDefend
          displayname: Windows Defender
Name: WinHttpAutoProxySvc
          displayname: WinHTTP-Web Proxy Auto-Discovery-Dienst
Name: Winmgmt
          displayname: Windows-Verwaltungsinstrumentation
Name: wlidsvc
          displayname: Windows Live ID Sign-in Assistant
Name: WMPNetworkSvc
          displayname: Windows Media Player-Netzwerkfreigabedienst
Name: WPDBusEnum
          displayname: Enumeratordienst für tragbare Geräte
Name: wscsvc
          displayname: Sicherheitscenter
Name: WSearch
          displayname: Windows Search
Name: wuauserv
          displayname: Windows Update
Name: wudfsvc
          displayname: Windows Driver Foundation - Benutzermodus-Treiberframework
Name: Lavasoft Ad-Aware Service
          displayname: Lavasoft Ad-Aware Service

cosinus 28.12.2011 23:08
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

interaktion 28.12.2011 23:39
Hey,

here you go:

Code:
OTL logfile created on: 12/28/2011 11:20:37 PM - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Blubb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.87 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 64.62% Memory free
11.73 Gb Paging File | 9.64 Gb Available in Paging File | 82.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.55 Gb Total Space | 724.29 Gb Free Space | 78.94% Space Free | Partition Type: NTFS
Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Drive E: | 677.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
PRC - [2011/12/10 12:53:44 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/10/13 08:06:52 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 08:01:38 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/13 08:01:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 08:01:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 08:01:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 08:01:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 08:00:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 08:00:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 08:00:55 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 08:00:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/06 04:54:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/05/19 05:37:01 | 000,409,672 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/03/24 11:43:38 | 002,299,656 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV:64bit: - [2010/03/12 15:42:40 | 000,393,728 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2009/10/19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. hxxp://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/24 13:13:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/06/19 02:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/28 19:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/05/19 05:37:12 | 000,089,680 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/22 02:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/22 13:57:54 | 000,347,336 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2010/01/29 13:47:04 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Blubb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
 
 
O1 HOSTS File: ([2011/05/29 13:38:12 | 000,434,670 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 14957 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-FDPDN.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863EC08-5BA9-4F6F-A3E8-A201DB2FFA90}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED421C8-E781-4DF8-8530-40B09201897C}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/22 16:17:27 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/28 19:55:38 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/28 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/28 19:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/28 19:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/28 16:25:39 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/12/28 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/28 16:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/27 02:18:45 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\WMTools Downloaded Files
[2011/12/27 01:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/12/27 01:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/12/27 01:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/12/27 01:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/12/27 01:39:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/12/27 00:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2011/12/27 00:47:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/12/26 23:11:00 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011/12/26 23:09:54 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/12/26 23:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/12/26 23:03:33 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\Windows Live
[2011/12/23 20:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/23 15:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/23 15:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/23 03:23:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2011/12/12 17:15:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/12/12 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/08 21:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/08 21:31:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/12/08 21:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/28 22:32:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job
[2011/12/28 22:32:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job
[2011/12/28 21:05:01 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 21:05:01 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 20:56:30 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/28 20:56:30 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/12/28 20:56:30 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/28 20:56:30 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/12/28 20:56:30 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/28 20:53:35 | 000,709,968 | ---- | M] () -- C:\Windows\is-FDPDN.exe
[2011/12/28 20:53:35 | 000,012,782 | ---- | M] () -- C:\Windows\is-FDPDN.msg
[2011/12/28 20:53:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 20:53:35 | 000,000,459 | ---- | M] () -- C:\Windows\is-FDPDN.lst
[2011/12/28 20:50:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/28 20:50:31 | 429,191,167 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 20:50:05 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2011/12/28 19:55:21 | 000,001,810 | ---- | M] () -- C:\Users\Blubb\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/28 16:28:52 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/28 16:28:51 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/28 16:25:40 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/27 14:08:34 | 002,350,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/27 02:10:39 | 000,003,584 | ---- | M] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:50:11 | 000,003,029 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
[2011/12/23 12:53:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlubb.job
[2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2011/12/23 03:11:49 | 000,000,000 | ---- | M] () -- C:\Users\Blubb\defogger_reenable
[2011/12/20 13:29:13 | 002,008,352 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/08 21:31:28 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/08 10:57:08 | 154,528,034 | ---- | M] () -- C:\Users\Blubb\Desktop\Oberstdorf-11-2011.wmv
[2011/12/06 02:04:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLUBB-NEU$.job
[2011/12/02 23:20:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/28 20:53:35 | 000,709,968 | ---- | C] () -- C:\Windows\is-FDPDN.exe
[2011/12/28 20:53:35 | 000,012,782 | ---- | C] () -- C:\Windows\is-FDPDN.msg
[2011/12/28 20:53:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 20:53:35 | 000,000,459 | ---- | C] () -- C:\Windows\is-FDPDN.lst
[2011/12/28 19:55:21 | 000,001,810 | ---- | C] () -- C:\Users\Blubb\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/28 19:04:05 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/28 16:25:40 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/27 02:10:39 | 000,003,584 | ---- | C] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:51:13 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2011/12/27 00:50:11 | 000,003,029 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
[2011/12/26 23:01:36 | 154,528,034 | ---- | C] () -- C:\Users\Blubb\Desktop\Oberstdorf-11-2011.wmv
[2011/12/23 03:11:49 | 000,000,000 | ---- | C] () -- C:\Users\Blubb\defogger_reenable
[2011/12/20 13:30:58 | 002,008,352 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG
[2011/12/08 21:31:28 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/02 23:20:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2011/08/17 17:21:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/08/17 17:21:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/07/08 20:28:06 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/06/10 14:25:13 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\AppData\Roaming\GhostObjGAFix.xml
[2011/05/29 03:43:33 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/29 03:43:33 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/22 16:27:42 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/21 16:42:01 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011/04/21 15:57:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/06 04:32:35 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/09/21 18:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2011/12/12 17:27:40 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2011/12/28 23:20:01 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2011/12/28 22:32:01 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job
[2011/12/28 22:32:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job
[2011/12/05 21:24:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/09/30 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Adobe
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/07/25 21:35:33 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Apple Computer
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2011/08/17 17:22:56 | 000,000,000 | R--D | M] -- C:\Users\Blubb\AppData\Roaming\Brother
[2011/12/12 17:27:40 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/07 19:11:43 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Corel
[2011/05/14 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\CyberLink
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2011/10/21 13:57:31 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Hewlett-Packard
[2011/12/23 12:08:46 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HP Support Assistant
[2011/10/21 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\hpqLog
[2011/12/23 12:08:46 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HpUpdate
[2011/12/28 23:20:01 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/04/21 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Identities
[2011/08/17 17:21:00 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\InstallShield
[2011/04/21 16:05:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Intel Corporation
[2011/04/06 04:37:02 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Macromedia
[2011/05/30 02:30:16 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Media Center Programs
[2011/12/23 11:12:28 | 000,000,000 | --SD | M] -- C:\Users\Blubb\AppData\Roaming\Microsoft
[2011/05/27 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Mozilla
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2011/12/22 01:03:06 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Skype
[2011/12/28 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2011/04/22 15:46:12 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/09/30 13:22:08 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Blubb\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/04/21 18:14:13 | 000,010,134 | R--- | M] () -- C:\Users\Blubb\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009/06/25 15:06:52 | 000,001,024 | ---- | M] () MD5=231CD46A29C26A58BDE1C7146B702399 -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\DRV\Storage\Intel\RST\9.6\x64\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/04/06 05:08:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011/04/06 05:08:57 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/04/06 05:08:57 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/04/06 05:08:57 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

cosinus 29.12.2011 00:26
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/22 16:17:27 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation)
[2011/12/28 20:53:35 | 000,709,968 | ---- | C] () -- C:\Windows\is-FDPDN.exe
[2011/12/28 20:53:35 | 000,012,782 | ---- | C] () -- C:\Windows\is-FDPDN.msg
[2011/12/28 20:53:35 | 000,000,459 | ---- | C] () -- C:\Windows\is-FDPDN.lst
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

interaktion 29.12.2011 01:40
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
File move failed. E:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
File move failed. E:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
File move failed. E:\setup.exe scheduled to be moved on reboot.
File C:\Windows\is-FDPDN.exe not found.
File C:\Windows\is-FDPDN.msg not found.
File C:\Windows\is-FDPDN.lst not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Blubb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3016849692 bytes
->Java cache emptied: 756126 bytes
->Apple Safari cache emptied: 14491648 bytes
->Flash cache emptied: 58891 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 709968 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29605 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 7646970 bytes
 
Total Files Cleaned = 2,900.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12292011_013307

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Die IP wird immer noch geblockt...

cosinus 29.12.2011 01:50
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

interaktion 29.12.2011 14:31
Code:
14:29:04.0565 3280        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:29:05.0181 3280        ============================================================
14:29:05.0181 3280        Current date / time: 2011/12/29 14:29:05.0181
14:29:05.0181 3280        SystemInfo:
14:29:05.0181 3280       
14:29:05.0181 3280        OS Version: 6.1.7601 ServicePack: 1.0
14:29:05.0181 3280        Product type: Workstation
14:29:05.0182 3280        ComputerName: BLUBB-NEU
14:29:05.0182 3280        UserName: Blubb
14:29:05.0182 3280        Windows directory: C:\Windows
14:29:05.0182 3280        System windows directory: C:\Windows
14:29:05.0182 3280        Running under WOW64
14:29:05.0182 3280        Processor architecture: Intel x64
14:29:05.0182 3280        Number of processors: 4
14:29:05.0182 3280        Page size: 0x1000
14:29:05.0182 3280        Boot type: Normal boot
14:29:05.0182 3280        ============================================================
14:29:05.0490 3280        Initialize success
14:29:27.0536 5200        ============================================================
14:29:27.0536 5200        Scan started
14:29:27.0536 5200        Mode: Manual; SigCheck; TDLFS;
14:29:27.0537 5200        ============================================================
14:29:29.0012 5200        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:29:29.0121 5200        1394ohci - ok
14:29:29.0169 5200        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:29:29.0197 5200        ACPI - ok
14:29:29.0214 5200        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:29:29.0245 5200        AcpiPmi - ok
14:29:29.0337 5200        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:29:29.0373 5200        adp94xx - ok
14:29:29.0397 5200        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:29:29.0418 5200        adpahci - ok
14:29:29.0448 5200        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:29:29.0465 5200        adpu320 - ok
14:29:29.0526 5200        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
14:29:29.0577 5200        AFD - ok
14:29:29.0601 5200        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:29:29.0622 5200        agp440 - ok
14:29:29.0649 5200        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:29:29.0668 5200        aliide - ok
14:29:29.0697 5200        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:29:29.0710 5200        amdide - ok
14:29:29.0729 5200        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:29:29.0755 5200        AmdK8 - ok
14:29:29.0771 5200        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:29:29.0811 5200        AmdPPM - ok
14:29:29.0840 5200        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:29:29.0858 5200        amdsata - ok
14:29:29.0886 5200        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:29:29.0908 5200        amdsbs - ok
14:29:29.0934 5200        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:29:29.0942 5200        amdxata - ok
14:29:29.0986 5200        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:29:30.0053 5200        AppID - ok
14:29:30.0103 5200        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:29:30.0127 5200        arc - ok
14:29:30.0141 5200        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:29:30.0169 5200        arcsas - ok
14:29:30.0253 5200        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:29:30.0320 5200        AsyncMac - ok
14:29:30.0344 5200        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:29:30.0356 5200        atapi - ok
14:29:30.0388 5200        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:29:30.0426 5200        b06bdrv - ok
14:29:30.0472 5200        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:29:30.0523 5200        b57nd60a - ok
14:29:30.0573 5200        BDFM            (f050e487a787239c182c279ca97e8cf4) C:\Windows\system32\DRIVERS\bdfm.sys
14:29:30.0610 5200        BDFM - ok
14:29:30.0628 5200        bdfsfltr        (abd97bfb299713a51fe36aaab71f73a2) C:\Windows\system32\DRIVERS\bdfsfltr.sys
14:29:30.0643 5200        bdfsfltr - ok
14:29:30.0706 5200        bdfwfpf        (1d634cdb4f742ac282d5265d46829ff6) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
14:29:30.0726 5200        bdfwfpf - ok
14:29:30.0753 5200        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:29:30.0828 5200        Beep - ok
14:29:30.0879 5200        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:29:30.0909 5200        blbdrive - ok
14:29:30.0973 5200        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:29:31.0007 5200        bowser - ok
14:29:31.0023 5200        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:29:31.0055 5200        BrFiltLo - ok
14:29:31.0076 5200        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:29:31.0093 5200        BrFiltUp - ok
14:29:31.0110 5200        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:29:31.0149 5200        Brserid - ok
14:29:31.0165 5200        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:29:31.0187 5200        BrSerWdm - ok
14:29:31.0206 5200        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:29:31.0241 5200        BrUsbMdm - ok
14:29:31.0258 5200        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:29:31.0286 5200        BrUsbSer - ok
14:29:31.0309 5200        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:29:31.0346 5200        BTHMODEM - ok
14:29:31.0366 5200        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:29:31.0402 5200        cdfs - ok
14:29:31.0440 5200        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:29:31.0507 5200        cdrom - ok
14:29:31.0551 5200        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:29:31.0604 5200        circlass - ok
14:29:31.0637 5200        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:29:31.0660 5200        CLFS - ok
14:29:31.0688 5200        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:29:31.0717 5200        CmBatt - ok
14:29:31.0749 5200        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:29:31.0770 5200        cmdide - ok
14:29:31.0808 5200        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
14:29:31.0842 5200        CNG - ok
14:29:31.0861 5200        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:29:31.0873 5200        Compbatt - ok
14:29:31.0902 5200        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:29:31.0945 5200        CompositeBus - ok
14:29:31.0978 5200        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:29:31.0993 5200        crcdisk - ok
14:29:32.0032 5200        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:29:32.0088 5200        DfsC - ok
14:29:32.0111 5200        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:29:32.0143 5200        discache - ok
14:29:32.0157 5200        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:29:32.0166 5200        Disk - ok
14:29:32.0188 5200        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:29:32.0204 5200        drmkaud - ok
14:29:32.0247 5200        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:29:32.0272 5200        DXGKrnl - ok
14:29:32.0348 5200        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:29:32.0470 5200        ebdrv - ok
14:29:32.0517 5200        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:29:32.0544 5200        elxstor - ok
14:29:32.0558 5200        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:29:32.0579 5200        ErrDev - ok
14:29:32.0600 5200        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:29:32.0641 5200        exfat - ok
14:29:32.0665 5200        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:29:32.0724 5200        fastfat - ok
14:29:32.0756 5200        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:29:32.0794 5200        fdc - ok
14:29:32.0818 5200        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:29:32.0829 5200        FileInfo - ok
14:29:32.0844 5200        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:29:32.0886 5200        Filetrace - ok
14:29:32.0905 5200        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:29:32.0919 5200        flpydisk - ok
14:29:32.0949 5200        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:29:32.0966 5200        FltMgr - ok
14:29:32.0980 5200        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:29:32.0992 5200        FsDepends - ok
14:29:33.0010 5200        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:29:33.0021 5200        Fs_Rec - ok
14:29:33.0058 5200        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:29:33.0075 5200        fvevol - ok
14:29:33.0097 5200        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:29:33.0112 5200        gagp30kx - ok
14:29:33.0145 5200        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:29:33.0151 5200        GEARAspiWDM - ok
14:29:33.0171 5200        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:29:33.0183 5200        hcw85cir - ok
14:29:33.0222 5200        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:29:33.0262 5200        HdAudAddService - ok
14:29:33.0284 5200        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:29:33.0327 5200        HDAudBus - ok
14:29:33.0364 5200        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:29:33.0383 5200        HECIx64 - ok
14:29:33.0402 5200        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:29:33.0430 5200        HidBatt - ok
14:29:33.0445 5200        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:29:33.0484 5200        HidBth - ok
14:29:33.0505 5200        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:29:33.0543 5200        HidIr - ok
14:29:33.0583 5200        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:29:33.0621 5200        HidUsb - ok
14:29:33.0677 5200        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:29:33.0693 5200        HpSAMD - ok
14:29:33.0726 5200        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:29:33.0781 5200        HTTP - ok
14:29:33.0807 5200        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:29:33.0817 5200        hwpolicy - ok
14:29:33.0863 5200        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:29:33.0880 5200        i8042prt - ok
14:29:33.0918 5200        iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:29:33.0935 5200        iaStor - ok
14:29:33.0959 5200        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:29:33.0983 5200        iaStorV - ok
14:29:33.0997 5200        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:29:34.0008 5200        iirsp - ok
14:29:34.0084 5200        IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
14:29:34.0157 5200        IntcAzAudAddService - ok
14:29:34.0183 5200        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:29:34.0204 5200        intelide - ok
14:29:34.0219 5200        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:29:34.0246 5200        intelppm - ok
14:29:34.0285 5200        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:29:34.0338 5200        IpFilterDriver - ok
14:29:34.0358 5200        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:29:34.0382 5200        IPMIDRV - ok
14:29:34.0403 5200        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:29:34.0459 5200        IPNAT - ok
14:29:34.0513 5200        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:29:34.0561 5200        IRENUM - ok
14:29:34.0580 5200        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:29:34.0592 5200        isapnp - ok
14:29:34.0615 5200        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:29:34.0635 5200        iScsiPrt - ok
14:29:34.0649 5200        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:29:34.0660 5200        kbdclass - ok
14:29:34.0685 5200        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:29:34.0713 5200        kbdhid - ok
14:29:34.0748 5200        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
14:29:34.0769 5200        KSecDD - ok
14:29:34.0801 5200        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:29:34.0817 5200        KSecPkg - ok
14:29:34.0833 5200        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:29:34.0889 5200        ksthunk - ok
14:29:34.0959 5200        Lbd            (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
14:29:34.0978 5200        Lbd - ok
14:29:35.0023 5200        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:29:35.0107 5200        lltdio - ok
14:29:35.0141 5200        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:29:35.0153 5200        LSI_FC - ok
14:29:35.0171 5200        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:29:35.0184 5200        LSI_SAS - ok
14:29:35.0205 5200        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:29:35.0217 5200        LSI_SAS2 - ok
14:29:35.0226 5200        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:29:35.0240 5200        LSI_SCSI - ok
14:29:35.0263 5200        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:29:35.0330 5200        luafv - ok
14:29:35.0360 5200        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
14:29:35.0370 5200        MBAMProtector - ok
14:29:35.0388 5200        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:29:35.0403 5200        megasas - ok
14:29:35.0433 5200        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:29:35.0465 5200        MegaSR - ok
14:29:35.0484 5200        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:29:35.0523 5200        Modem - ok
14:29:35.0536 5200        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:29:35.0583 5200        monitor - ok
14:29:35.0646 5200        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:29:35.0666 5200        mouclass - ok
14:29:35.0693 5200        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:29:35.0724 5200        mouhid - ok
14:29:35.0756 5200        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:29:35.0772 5200        mountmgr - ok
14:29:35.0795 5200        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:29:35.0814 5200        mpio - ok
14:29:35.0823 5200        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:29:35.0865 5200        mpsdrv - ok
14:29:35.0898 5200        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:29:35.0931 5200        MRxDAV - ok
14:29:35.0963 5200        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:29:35.0995 5200        mrxsmb - ok
14:29:36.0029 5200        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:29:36.0059 5200        mrxsmb10 - ok
14:29:36.0077 5200        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:29:36.0096 5200        mrxsmb20 - ok
14:29:36.0123 5200        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:29:36.0139 5200        msahci - ok
14:29:36.0160 5200        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:29:36.0178 5200        msdsm - ok
14:29:36.0199 5200        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:29:36.0236 5200        Msfs - ok
14:29:36.0262 5200        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:29:36.0314 5200        mshidkmdf - ok
14:29:36.0330 5200        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:29:36.0339 5200        msisadrv - ok
14:29:36.0365 5200        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:29:36.0408 5200        MSKSSRV - ok
14:29:36.0434 5200        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:29:36.0469 5200        MSPCLOCK - ok
14:29:36.0479 5200        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:29:36.0560 5200        MSPQM - ok
14:29:36.0587 5200        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:29:36.0603 5200        MsRPC - ok
14:29:36.0619 5200        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:29:36.0627 5200        mssmbios - ok
14:29:36.0640 5200        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:29:36.0683 5200        MSTEE - ok
14:29:36.0705 5200        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:29:36.0740 5200        MTConfig - ok
14:29:36.0758 5200        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:29:36.0769 5200        Mup - ok
14:29:36.0805 5200        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:29:36.0843 5200        NativeWifiP - ok
14:29:36.0905 5200        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:29:36.0946 5200        NDIS - ok
14:29:36.0977 5200        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:29:37.0018 5200        NdisCap - ok
14:29:37.0041 5200        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:29:37.0079 5200        NdisTapi - ok
14:29:37.0105 5200        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:29:37.0144 5200        Ndisuio - ok
14:29:37.0175 5200        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:29:37.0244 5200        NdisWan - ok
14:29:37.0281 5200        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:29:37.0330 5200        NDProxy - ok
14:29:37.0380 5200        Netaapl        (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
14:29:37.0399 5200        Netaapl - ok
14:29:37.0415 5200        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:29:37.0473 5200        NetBIOS - ok
14:29:37.0498 5200        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:29:37.0548 5200        NetBT - ok
14:29:37.0584 5200        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:29:37.0596 5200        nfrd960 - ok
14:29:37.0625 5200        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:29:37.0662 5200        Npfs - ok
14:29:37.0675 5200        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:29:37.0720 5200        nsiproxy - ok
14:29:37.0767 5200        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:29:37.0819 5200        Ntfs - ok
14:29:37.0833 5200        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:29:37.0893 5200        Null - ok
14:29:37.0931 5200        NVHDA          (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
14:29:37.0953 5200        NVHDA - ok
14:29:38.0132 5200        nvlddmkm        (2f1bc5c1320b07a7480240c4ca6f6387) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:29:38.0291 5200        nvlddmkm - ok
14:29:38.0331 5200        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:29:38.0344 5200        nvraid - ok
14:29:38.0358 5200        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:29:38.0372 5200        nvstor - ok
14:29:38.0399 5200        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:29:38.0414 5200        nv_agp - ok
14:29:38.0433 5200        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:29:38.0451 5200        ohci1394 - ok
14:29:38.0502 5200        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:29:38.0520 5200        Parport - ok
14:29:38.0547 5200        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:29:38.0559 5200        partmgr - ok
14:29:38.0597 5200        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:29:38.0611 5200        pci - ok
14:29:38.0632 5200        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:29:38.0646 5200        pciide - ok
14:29:38.0661 5200        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:29:38.0696 5200        pcmcia - ok
14:29:38.0726 5200        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:29:38.0737 5200        pcw - ok
14:29:38.0761 5200        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:29:38.0816 5200        PEAUTH - ok
14:29:38.0861 5200        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:29:38.0897 5200        PptpMiniport - ok
14:29:38.0916 5200        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:29:38.0943 5200        Processor - ok
14:29:38.0973 5200        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:29:39.0022 5200        Psched - ok
14:29:39.0050 5200        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:29:39.0102 5200        ql2300 - ok
14:29:39.0119 5200        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:29:39.0133 5200        ql40xx - ok
14:29:39.0150 5200        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:29:39.0186 5200        QWAVEdrv - ok
14:29:39.0206 5200        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:29:39.0259 5200        RasAcd - ok
14:29:39.0294 5200        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:29:39.0333 5200        RasAgileVpn - ok
14:29:39.0370 5200        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:29:39.0442 5200        Rasl2tp - ok
14:29:39.0463 5200        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:29:39.0519 5200        RasPppoe - ok
14:29:39.0546 5200        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:29:39.0588 5200        RasSstp - ok
14:29:39.0619 5200        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:29:39.0660 5200        rdbss - ok
14:29:39.0689 5200        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:29:39.0718 5200        rdpbus - ok
14:29:39.0739 5200        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:29:39.0777 5200        RDPCDD - ok
14:29:39.0800 5200        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:29:39.0879 5200        RDPENCDD - ok
14:29:39.0902 5200        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:29:39.0937 5200        RDPREFMP - ok
14:29:39.0970 5200        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:29:40.0027 5200        RDPWD - ok
14:29:40.0062 5200        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:29:40.0090 5200        rdyboost - ok
14:29:40.0136 5200        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:29:40.0211 5200        rspndr - ok
14:29:40.0252 5200        RTL8167        (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:29:40.0267 5200        RTL8167 - ok
14:29:40.0345 5200        SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:29:40.0361 5200        SASDIFSV - ok
14:29:40.0374 5200        SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:29:40.0388 5200        SASKUTIL - ok
14:29:40.0413 5200        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:29:40.0435 5200        sbp2port - ok
14:29:40.0464 5200        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:29:40.0502 5200        scfilter - ok
14:29:40.0526 5200        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:29:40.0568 5200        secdrv - ok
14:29:40.0588 5200        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:29:40.0602 5200        Serenum - ok
14:29:40.0620 5200        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:29:40.0635 5200        Serial - ok
14:29:40.0652 5200        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:29:40.0675 5200        sermouse - ok
14:29:40.0701 5200        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:29:40.0727 5200        sffdisk - ok
14:29:40.0759 5200        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:29:40.0790 5200        sffp_mmc - ok
14:29:40.0808 5200        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:29:40.0853 5200        sffp_sd - ok
14:29:40.0871 5200        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:29:40.0902 5200        sfloppy - ok
14:29:40.0933 5200        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:29:40.0948 5200        SiSRaid2 - ok
14:29:40.0963 5200        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:29:40.0979 5200        SiSRaid4 - ok
14:29:41.0007 5200        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:29:41.0058 5200        Smb - ok
14:29:41.0092 5200        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:29:41.0101 5200        spldr - ok
14:29:41.0129 5200        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:29:41.0150 5200        srv - ok
14:29:41.0179 5200        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:29:41.0211 5200        srv2 - ok
14:29:41.0237 5200        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:29:41.0270 5200        srvnet - ok
14:29:41.0299 5200        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:29:41.0313 5200        stexstor - ok
14:29:41.0345 5200        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:29:41.0359 5200        swenum - ok
14:29:41.0422 5200        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:29:41.0506 5200        Tcpip - ok
14:29:41.0572 5200        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:29:41.0621 5200        TCPIP6 - ok
14:29:41.0657 5200        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:29:41.0742 5200        tcpipreg - ok
14:29:41.0785 5200        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:29:41.0829 5200        TDPIPE - ok
14:29:41.0855 5200        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:29:41.0921 5200        TDTCP - ok
14:29:41.0962 5200        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:29:41.0996 5200        tdx - ok
14:29:42.0014 5200        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:29:42.0024 5200        TermDD - ok
14:29:42.0060 5200        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:29:42.0102 5200        tssecsrv - ok
14:29:42.0138 5200        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:29:42.0155 5200        TsUsbFlt - ok
14:29:42.0203 5200        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:29:42.0251 5200        tunnel - ok
14:29:42.0268 5200        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:29:42.0280 5200        uagp35 - ok
14:29:42.0319 5200        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:29:42.0375 5200        udfs - ok
14:29:42.0394 5200        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:29:42.0407 5200        uliagpkx - ok
14:29:42.0425 5200        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:29:42.0450 5200        umbus - ok
14:29:42.0469 5200        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:29:42.0496 5200        UmPass - ok
14:29:42.0545 5200        USBAAPL64      (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:29:42.0577 5200        USBAAPL64 - ok
14:29:42.0600 5200        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:29:42.0632 5200        usbccgp - ok
14:29:42.0653 5200        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:29:42.0683 5200        usbcir - ok
14:29:42.0699 5200        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:29:42.0724 5200        usbehci - ok
14:29:42.0749 5200        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:29:42.0772 5200        usbhub - ok
14:29:42.0812 5200        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:29:42.0846 5200        usbohci - ok
14:29:42.0867 5200        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:29:42.0893 5200        usbprint - ok
14:29:42.0924 5200        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:29:42.0963 5200        usbscan - ok
14:29:42.0983 5200        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:29:42.0996 5200        USBSTOR - ok
14:29:43.0004 5200        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:29:43.0019 5200        usbuhci - ok
14:29:43.0053 5200        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:29:43.0071 5200        vdrvroot - ok
14:29:43.0096 5200        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:29:43.0123 5200        vga - ok
14:29:43.0145 5200        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:29:43.0188 5200        VgaSave - ok
14:29:43.0220 5200        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:29:43.0233 5200        vhdmp - ok
14:29:43.0250 5200        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:29:43.0260 5200        viaide - ok
14:29:43.0268 5200        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:29:43.0278 5200        volmgr - ok
14:29:43.0308 5200        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:29:43.0323 5200        volmgrx - ok
14:29:43.0341 5200        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:29:43.0356 5200        volsnap - ok
14:29:43.0381 5200        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:29:43.0399 5200        vsmraid - ok
14:29:43.0425 5200        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:29:43.0446 5200        vwifibus - ok
14:29:43.0469 5200        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:29:43.0495 5200        WacomPen - ok
14:29:43.0512 5200        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:29:43.0573 5200        WANARP - ok
14:29:43.0576 5200        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:29:43.0609 5200        Wanarpv6 - ok
14:29:43.0633 5200        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:29:43.0644 5200        Wd - ok
14:29:43.0673 5200        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:29:43.0694 5200        Wdf01000 - ok
14:29:43.0728 5200        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:29:43.0764 5200        WfpLwf - ok
14:29:43.0784 5200        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:29:43.0795 5200        WIMMount - ok
14:29:43.0850 5200        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:29:43.0882 5200        WinUsb - ok
14:29:43.0907 5200        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:29:43.0921 5200        WmiAcpi - ok
14:29:43.0940 5200        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:29:43.0996 5200        ws2ifsl - ok
14:29:44.0031 5200        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:29:44.0084 5200        WudfPf - ok
14:29:44.0094 5200        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:29:44.0133 5200        WUDFRd - ok
14:29:44.0168 5200        MBR (0x1B8)    (0b4635f994e242ce8183dd05a7e028e5) \Device\Harddisk0\DR0
14:29:44.0349 5200        \Device\Harddisk0\DR0 - ok
14:29:44.0353 5200        Boot (0x1200)  (827353e27a3c09c8d813aefbe632a082) \Device\Harddisk0\DR0\Partition0
14:29:44.0354 5200        \Device\Harddisk0\DR0\Partition0 - ok
14:29:44.0385 5200        Boot (0x1200)  (ef9e8de7232a8495f564e9b20ad793ac) \Device\Harddisk0\DR0\Partition1
14:29:44.0386 5200        \Device\Harddisk0\DR0\Partition1 - ok
14:29:44.0411 5200        Boot (0x1200)  (151b777de72af199f17c558e70697b3c) \Device\Harddisk0\DR0\Partition2
14:29:44.0412 5200        \Device\Harddisk0\DR0\Partition2 - ok
14:29:44.0414 5200        ============================================================
14:29:44.0414 5200        Scan finished
14:29:44.0414 5200        ============================================================
14:29:44.0430 5672        Detected object count: 0
14:29:44.0430 5672        Actual detected object count: 0
14:30:17.0624 1560        ============================================================
14:30:17.0624 1560        Scan started
14:30:17.0624 1560        Mode: Manual; SigCheck; TDLFS;
14:30:17.0624 1560        ============================================================
14:30:18.0672 1560        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:30:18.0706 1560        1394ohci - ok
14:30:18.0753 1560        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:30:18.0776 1560        ACPI - ok
14:30:18.0816 1560        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:30:18.0845 1560        AcpiPmi - ok
14:30:18.0888 1560        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:30:18.0905 1560        adp94xx - ok
14:30:18.0940 1560        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:30:18.0955 1560        adpahci - ok
14:30:18.0991 1560        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:30:19.0008 1560        adpu320 - ok
14:30:19.0052 1560        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
14:30:19.0075 1560        AFD - ok
14:30:19.0111 1560        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:30:19.0124 1560        agp440 - ok
14:30:19.0167 1560        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:30:19.0177 1560        aliide - ok
14:30:19.0207 1560        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:30:19.0217 1560        amdide - ok
14:30:19.0247 1560        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:30:19.0262 1560        AmdK8 - ok
14:30:19.0314 1560        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:30:19.0333 1560        AmdPPM - ok
14:30:19.0367 1560        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:30:19.0382 1560        amdsata - ok
14:30:19.0421 1560        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:30:19.0444 1560        amdsbs - ok
14:30:19.0477 1560        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:30:19.0490 1560        amdxata - ok
14:30:19.0546 1560        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:30:19.0609 1560        AppID - ok
14:30:19.0638 1560        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:30:19.0646 1560        arc - ok
14:30:19.0684 1560        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:30:19.0704 1560        arcsas - ok
14:30:19.0730 1560        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:30:19.0778 1560        AsyncMac - ok
14:30:19.0804 1560        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:30:19.0825 1560        atapi - ok
14:30:19.0856 1560        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:30:19.0871 1560        b06bdrv - ok
14:30:19.0890 1560        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:30:19.0904 1560        b57nd60a - ok
14:30:19.0925 1560        BDFM            (f050e487a787239c182c279ca97e8cf4) C:\Windows\system32\DRIVERS\bdfm.sys
14:30:19.0937 1560        BDFM - ok
14:30:19.0955 1560        bdfsfltr        (abd97bfb299713a51fe36aaab71f73a2) C:\Windows\system32\DRIVERS\bdfsfltr.sys
14:30:19.0969 1560        bdfsfltr - ok
14:30:20.0033 1560        bdfwfpf        (1d634cdb4f742ac282d5265d46829ff6) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
14:30:20.0048 1560        bdfwfpf - ok
14:30:20.0063 1560        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:30:20.0108 1560        Beep - ok
14:30:20.0123 1560        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:30:20.0134 1560        blbdrive - ok
14:30:20.0175 1560        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:30:20.0197 1560        bowser - ok
14:30:20.0217 1560        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:30:20.0232 1560        BrFiltLo - ok
14:30:20.0270 1560        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:30:20.0283 1560        BrFiltUp - ok
14:30:20.0304 1560        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:30:20.0318 1560        Brserid - ok
14:30:20.0334 1560        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:30:20.0349 1560        BrSerWdm - ok
14:30:20.0366 1560        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:30:20.0380 1560        BrUsbMdm - ok
14:30:20.0393 1560        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:30:20.0405 1560        BrUsbSer - ok
14:30:20.0436 1560        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:30:20.0453 1560        BTHMODEM - ok
14:30:20.0468 1560        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:30:20.0499 1560        cdfs - ok
14:30:20.0534 1560        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:30:20.0547 1560        cdrom - ok
14:30:20.0569 1560        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:30:20.0585 1560        circlass - ok
14:30:20.0613 1560        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:30:20.0630 1560        CLFS - ok
14:30:20.0657 1560        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:30:20.0668 1560        CmBatt - ok
14:30:20.0727 1560        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:30:20.0743 1560        cmdide - ok
14:30:20.0777 1560        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
14:30:20.0804 1560        CNG - ok
14:30:20.0821 1560        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:30:20.0831 1560        Compbatt - ok
14:30:20.0846 1560        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:30:20.0863 1560        CompositeBus - ok
14:30:20.0889 1560        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:30:20.0899 1560        crcdisk - ok
14:30:20.0934 1560        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:30:20.0975 1560        DfsC - ok
14:30:20.0988 1560        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:30:21.0020 1560        discache - ok
14:30:21.0034 1560        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:30:21.0043 1560        Disk - ok
14:30:21.0065 1560        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:30:21.0079 1560        drmkaud - ok
14:30:21.0116 1560        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:30:21.0139 1560        DXGKrnl - ok
14:30:21.0210 1560        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:30:21.0264 1560        ebdrv - ok
14:30:21.0302 1560        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:30:21.0319 1560        elxstor - ok
14:30:21.0335 1560        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:30:21.0348 1560        ErrDev - ok
14:30:21.0369 1560        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:30:21.0408 1560        exfat - ok
14:30:21.0426 1560        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:30:21.0459 1560        fastfat - ok
14:30:21.0484 1560        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:30:21.0495 1560        fdc - ok
14:30:21.0521 1560        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:30:21.0531 1560        FileInfo - ok
14:30:21.0547 1560        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:30:21.0584 1560        Filetrace - ok
14:30:21.0607 1560        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:30:21.0620 1560        flpydisk - ok
14:30:21.0652 1560        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:30:21.0666 1560        FltMgr - ok
14:30:21.0683 1560        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:30:21.0693 1560        FsDepends - ok
14:30:21.0705 1560        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:30:21.0715 1560        Fs_Rec - ok
14:30:21.0760 1560        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:30:21.0786 1560        fvevol - ok
14:30:21.0808 1560        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:30:21.0819 1560        gagp30kx - ok
14:30:21.0847 1560        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:30:21.0855 1560        GEARAspiWDM - ok
14:30:21.0873 1560        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:30:21.0887 1560        hcw85cir - ok
14:30:21.0915 1560        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:30:21.0936 1560        HdAudAddService - ok
14:30:21.0953 1560        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:30:21.0967 1560        HDAudBus - ok
14:30:22.0000 1560        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:30:22.0015 1560        HECIx64 - ok
14:30:22.0030 1560        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:30:22.0050 1560        HidBatt - ok
14:30:22.0065 1560        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:30:22.0089 1560        HidBth - ok
14:30:22.0107 1560        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:30:22.0123 1560        HidIr - ok
14:30:22.0144 1560        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:30:22.0158 1560        HidUsb - ok
14:30:22.0197 1560        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:30:22.0207 1560        HpSAMD - ok
14:30:22.0245 1560        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:30:22.0299 1560        HTTP - ok
14:30:22.0335 1560        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:30:22.0346 1560        hwpolicy - ok
14:30:22.0366 1560        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:30:22.0383 1560        i8042prt - ok
14:30:22.0423 1560        iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:30:22.0451 1560        iaStor - ok
14:30:22.0480 1560        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:30:22.0506 1560        iaStorV - ok
14:30:22.0524 1560        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:30:22.0533 1560        iirsp - ok
14:30:22.0612 1560        IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
14:30:22.0663 1560        IntcAzAudAddService - ok
14:30:22.0677 1560        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:30:22.0684 1560        intelide - ok
14:30:22.0705 1560        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:30:22.0717 1560        intelppm - ok
14:30:22.0763 1560        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:30:22.0812 1560        IpFilterDriver - ok
14:30:22.0828 1560        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:30:22.0838 1560        IPMIDRV - ok
14:30:22.0856 1560        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:30:22.0890 1560        IPNAT - ok
14:30:22.0916 1560        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:30:22.0930 1560        IRENUM - ok
14:30:22.0950 1560        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:30:22.0958 1560        isapnp - ok
14:30:22.0993 1560        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:30:23.0006 1560        iScsiPrt - ok
14:30:23.0027 1560        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:30:23.0037 1560        kbdclass - ok
14:30:23.0079 1560        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:30:23.0102 1560        kbdhid - ok
14:30:23.0118 1560        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
14:30:23.0136 1560        KSecDD - ok
14:30:23.0154 1560        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:30:23.0166 1560        KSecPkg - ok
14:30:23.0178 1560        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:30:23.0221 1560        ksthunk - ok
14:30:23.0270 1560        Lbd            (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
14:30:23.0279 1560        Lbd - ok
14:30:23.0309 1560        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:30:23.0348 1560        lltdio - ok
14:30:23.0377 1560        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:30:23.0386 1560        LSI_FC - ok
14:30:23.0415 1560        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:30:23.0425 1560        LSI_SAS - ok
14:30:23.0441 1560        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:30:23.0451 1560        LSI_SAS2 - ok
14:30:23.0465 1560        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:30:23.0476 1560        LSI_SCSI - ok
14:30:23.0491 1560        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:30:23.0524 1560        luafv - ok
14:30:23.0546 1560        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
14:30:23.0555 1560        MBAMProtector - ok
14:30:23.0574 1560        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:30:23.0583 1560        megasas - ok
14:30:23.0602 1560        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:30:23.0615 1560        MegaSR - ok
14:30:23.0629 1560        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:30:23.0669 1560        Modem - ok
14:30:23.0690 1560        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:30:23.0702 1560        monitor - ok
14:30:23.0732 1560        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:30:23.0748 1560        mouclass - ok
14:30:23.0763 1560        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:30:23.0777 1560        mouhid - ok
14:30:23.0809 1560        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:30:23.0822 1560        mountmgr - ok
14:30:23.0857 1560        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:30:23.0879 1560        mpio - ok
14:30:23.0889 1560        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:30:23.0926 1560        mpsdrv - ok
14:30:23.0943 1560        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:30:23.0960 1560        MRxDAV - ok
14:30:23.0991 1560        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:30:24.0004 1560        mrxsmb - ok
14:30:24.0041 1560        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:30:24.0067 1560        mrxsmb10 - ok
14:30:24.0097 1560        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:30:24.0115 1560        mrxsmb20 - ok
14:30:24.0134 1560        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:30:24.0144 1560        msahci - ok
14:30:24.0188 1560        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:30:24.0209 1560        msdsm - ok
14:30:24.0235 1560        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:30:24.0280 1560        Msfs - ok
14:30:24.0307 1560        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:30:24.0337 1560        mshidkmdf - ok
14:30:24.0350 1560        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:30:24.0358 1560        msisadrv - ok
14:30:24.0385 1560        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:30:24.0418 1560        MSKSSRV - ok
14:30:24.0437 1560        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:30:24.0469 1560        MSPCLOCK - ok
14:30:24.0482 1560        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:30:24.0514 1560        MSPQM - ok
14:30:24.0540 1560        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:30:24.0552 1560        MsRPC - ok
14:30:24.0589 1560        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:30:24.0598 1560        mssmbios - ok
14:30:24.0619 1560        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:30:24.0660 1560        MSTEE - ok
14:30:24.0675 1560        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:30:24.0686 1560        MTConfig - ok
14:30:24.0703 1560        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:30:24.0713 1560        Mup - ok
14:30:24.0759 1560        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:30:24.0792 1560        NativeWifiP - ok
14:30:24.0831 1560        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:30:24.0858 1560        NDIS - ok
14:30:24.0880 1560        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:30:24.0918 1560        NdisCap - ok
14:30:24.0936 1560        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:30:24.0967 1560        NdisTapi - ok
14:30:24.0990 1560        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:30:25.0024 1560        Ndisuio - ok
14:30:25.0052 1560        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:30:25.0090 1560        NdisWan - ok
14:30:25.0117 1560        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:30:25.0149 1560        NDProxy - ok
14:30:25.0174 1560        Netaapl        (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
14:30:25.0185 1560        Netaapl - ok
14:30:25.0201 1560        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:30:25.0238 1560        NetBIOS - ok
14:30:25.0258 1560        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:30:25.0293 1560        NetBT - ok
14:30:25.0320 1560        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:30:25.0328 1560        nfrd960 - ok
14:30:25.0360 1560        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:30:25.0392 1560        Npfs - ok
14:30:25.0402 1560        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:30:25.0435 1560        nsiproxy - ok
14:30:25.0502 1560        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:30:25.0549 1560        Ntfs - ok
14:30:25.0560 1560        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:30:25.0594 1560        Null - ok
14:30:25.0625 1560        NVHDA          (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
14:30:25.0643 1560        NVHDA - ok
14:30:25.0834 1560        nvlddmkm        (2f1bc5c1320b07a7480240c4ca6f6387) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:30:25.0994 1560        nvlddmkm - ok
14:30:26.0034 1560        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:30:26.0042 1560        nvraid - ok
14:30:26.0060 1560        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:30:26.0069 1560        nvstor - ok
14:30:26.0093 1560        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:30:26.0103 1560        nv_agp - ok
14:30:26.0152 1560        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:30:26.0175 1560        ohci1394 - ok
14:30:26.0205 1560        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:30:26.0218 1560        Parport - ok
14:30:26.0250 1560        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:30:26.0265 1560        partmgr - ok
14:30:26.0283 1560        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:30:26.0297 1560        pci - ok
14:30:26.0318 1560        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:30:26.0329 1560        pciide - ok
14:30:26.0364 1560        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:30:26.0378 1560        pcmcia - ok
14:30:26.0395 1560        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:30:26.0406 1560        pcw - ok
14:30:26.0447 1560        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:30:26.0501 1560        PEAUTH - ok
14:30:26.0539 1560        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:30:26.0570 1560        PptpMiniport - ok
14:30:26.0593 1560        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:30:26.0605 1560        Processor - ok
14:30:26.0635 1560        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:30:26.0668 1560        Psched - ok
14:30:26.0718 1560        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:30:26.0775 1560        ql2300 - ok
14:30:26.0788 1560        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:30:26.0799 1560        ql40xx - ok
14:30:26.0819 1560        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:30:26.0835 1560        QWAVEdrv - ok
14:30:26.0850 1560        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:30:26.0882 1560        RasAcd - ok
14:30:26.0913 1560        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:30:26.0972 1560        RasAgileVpn - ok
14:30:27.0006 1560        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:30:27.0057 1560        Rasl2tp - ok
14:30:27.0074 1560        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:30:27.0105 1560        RasPppoe - ok
14:30:27.0124 1560        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:30:27.0157 1560        RasSstp - ok
14:30:27.0188 1560        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:30:27.0225 1560        rdbss - ok
14:30:27.0241 1560        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:30:27.0257 1560        rdpbus - ok
14:30:27.0276 1560        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:30:27.0314 1560        RDPCDD - ok
14:30:27.0328 1560        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:30:27.0365 1560        RDPENCDD - ok
14:30:27.0380 1560        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:30:27.0411 1560        RDPREFMP - ok
14:30:27.0439 1560        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:30:27.0475 1560        RDPWD - ok
14:30:27.0506 1560        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:30:27.0516 1560        rdyboost - ok
14:30:27.0539 1560        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:30:27.0574 1560        rspndr - ok
14:30:27.0622 1560        RTL8167        (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:30:27.0646 1560        RTL8167 - ok
14:30:27.0707 1560        SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:30:27.0720 1560        SASDIFSV - ok
14:30:27.0727 1560        SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:30:27.0739 1560        SASKUTIL - ok
14:30:27.0782 1560        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:30:27.0802 1560        sbp2port - ok
14:30:27.0834 1560        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:30:27.0871 1560        scfilter - ok
14:30:27.0888 1560        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:30:27.0927 1560        secdrv - ok
14:30:27.0949 1560        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:30:27.0960 1560        Serenum - ok
14:30:27.0989 1560        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:30:28.0003 1560        Serial - ok
14:30:28.0030 1560        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:30:28.0043 1560        sermouse - ok
14:30:28.0062 1560        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:30:28.0073 1560        sffdisk - ok
14:30:28.0087 1560        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:30:28.0098 1560        sffp_mmc - ok
14:30:28.0119 1560        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:30:28.0135 1560        sffp_sd - ok
14:30:28.0149 1560        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:30:28.0162 1560        sfloppy - ok
14:30:28.0195 1560        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:30:28.0205 1560        SiSRaid2 - ok
14:30:28.0225 1560        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:30:28.0234 1560        SiSRaid4 - ok
14:30:28.0260 1560        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:30:28.0303 1560        Smb - ok
14:30:28.0328 1560        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:30:28.0339 1560        spldr - ok
14:30:28.0373 1560        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:30:28.0392 1560        srv - ok
14:30:28.0424 1560        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:30:28.0442 1560        srv2 - ok
14:30:28.0465 1560        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:30:28.0482 1560        srvnet - ok
14:30:28.0502 1560        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:30:28.0513 1560        stexstor - ok
14:30:28.0532 1560        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:30:28.0543 1560        swenum - ok
14:30:28.0608 1560        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:30:28.0657 1560        Tcpip - ok
14:30:28.0692 1560        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:30:28.0726 1560        TCPIP6 - ok
14:30:28.0760 1560        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:30:28.0793 1560        tcpipreg - ok
14:30:28.0813 1560        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:30:28.0844 1560        TDPIPE - ok
14:30:28.0858 1560        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:30:28.0891 1560        TDTCP - ok
14:30:28.0932 1560        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:30:28.0985 1560        tdx - ok
14:30:29.0001 1560        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:30:29.0013 1560        TermDD - ok
14:30:29.0055 1560        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:30:29.0100 1560        tssecsrv - ok
14:30:29.0133 1560        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:30:29.0154 1560        TsUsbFlt - ok
14:30:29.0173 1560        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:30:29.0208 1560        tunnel - ok
14:30:29.0230 1560        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:30:29.0239 1560        uagp35 - ok
14:30:29.0299 1560        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:30:29.0376 1560        udfs - ok
14:30:29.0405 1560        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:30:29.0423 1560        uliagpkx - ok
14:30:29.0445 1560        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:30:29.0461 1560        umbus - ok
14:30:29.0481 1560        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:30:29.0495 1560        UmPass - ok
14:30:29.0533 1560        USBAAPL64      (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:30:29.0545 1560        USBAAPL64 - ok
14:30:29.0562 1560        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:30:29.0577 1560        usbccgp - ok
14:30:29.0607 1560        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:30:29.0628 1560        usbcir - ok
14:30:29.0653 1560        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:30:29.0664 1560        usbehci - ok
14:30:29.0678 1560        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:30:29.0693 1560        usbhub - ok
14:30:29.0708 1560        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:30:29.0721 1560        usbohci - ok
14:30:29.0747 1560        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:30:29.0762 1560        usbprint - ok
14:30:29.0786 1560        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:30:29.0803 1560        usbscan - ok
14:30:29.0829 1560        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:30:29.0842 1560        USBSTOR - ok
14:30:29.0863 1560        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:30:29.0876 1560        usbuhci - ok
14:30:29.0899 1560        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:30:29.0911 1560        vdrvroot - ok
14:30:29.0934 1560        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:30:29.0952 1560        vga - ok
14:30:29.0975 1560        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:30:30.0016 1560        VgaSave - ok
14:30:30.0033 1560        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:30:30.0043 1560        vhdmp - ok
14:30:30.0062 1560        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:30:30.0071 1560        viaide - ok
14:30:30.0092 1560        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:30:30.0102 1560        volmgr - ok
14:30:30.0137 1560        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:30:30.0151 1560        volmgrx - ok
14:30:30.0170 1560        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:30:30.0183 1560        volsnap - ok
14:30:30.0202 1560        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:30:30.0214 1560        vsmraid - ok
14:30:30.0229 1560        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:30:30.0245 1560        vwifibus - ok
14:30:30.0273 1560        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:30:30.0284 1560        WacomPen - ok
14:30:30.0308 1560        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:30:30.0343 1560        WANARP - ok
14:30:30.0349 1560        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:30:30.0379 1560        Wanarpv6 - ok
14:30:30.0413 1560        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:30:30.0421 1560        Wd - ok
14:30:30.0463 1560        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:30:30.0493 1560        Wdf01000 - ok
14:30:30.0525 1560        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:30:30.0564 1560        WfpLwf - ok
14:30:30.0580 1560        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:30:30.0588 1560        WIMMount - ok
14:30:30.0622 1560        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:30:30.0635 1560        WinUsb - ok
14:30:30.0653 1560        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:30:30.0663 1560        WmiAcpi - ok
14:30:30.0688 1560        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:30:30.0722 1560        ws2ifsl - ok
14:30:30.0760 1560        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:30:30.0795 1560        WudfPf - ok
14:30:30.0805 1560        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:30:30.0837 1560        WUDFRd - ok
14:30:30.0856 1560        MBR (0x1B8)    (0b4635f994e242ce8183dd05a7e028e5) \Device\Harddisk0\DR0
14:30:31.0034 1560        \Device\Harddisk0\DR0 - ok
14:30:31.0038 1560        Boot (0x1200)  (827353e27a3c09c8d813aefbe632a082) \Device\Harddisk0\DR0\Partition0
14:30:31.0039 1560        \Device\Harddisk0\DR0\Partition0 - ok
14:30:31.0073 1560        Boot (0x1200)  (ef9e8de7232a8495f564e9b20ad793ac) \Device\Harddisk0\DR0\Partition1
14:30:31.0074 1560        \Device\Harddisk0\DR0\Partition1 - ok
14:30:31.0099 1560        Boot (0x1200)  (151b777de72af199f17c558e70697b3c) \Device\Harddisk0\DR0\Partition2
14:30:31.0100 1560        \Device\Harddisk0\DR0\Partition2 - ok
14:30:31.0101 1560        ============================================================
14:30:31.0101 1560        Scan finished
14:30:31.0101 1560        ============================================================
14:30:31.0113 1564        Detected object count: 0
14:30:31.0113 1564        Actual detected object count: 0
Nachricht von der "Plus Line AG":

Sehr geehrt xxxxxx

vielen Dank für Ihre Mitteilung bzgl. der Trojaner-Software, die
anscheinend aus den IP-Bereichen 82.98.97.176/28 und 82.98.97.192/28
verteilt wird. Wir haben unseren direkten Kunden informiert und ihn gebeten, seinerseits seinen Endkunden (Consumer Benefit) zu veranlassen, so schnell wie möglich geeignete Maßnahmen zu ergreifen.

Mit freundlichen Grüßen

xxxxx
(um den armen Mann ein wenig zu schützen ;D)


Zumindest seit ich heute den PC anschaltete, trat die Meldung nicht mehr auf... Aber who knows.

cosinus 29.12.2011 16:49
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

interaktion 29.12.2011 17:40
Code:
ComboFix 11-12-29.04 - Blubb 29.12.2011  17:13:11.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6007.4082 [GMT 1:00]
ausgeführt von:: c:\users\Blubb\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: BitDefender AntiSpyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-28 bis 2011-12-29  ))))))))))))))))))))))))))))))
.
.
2011-12-29 16:17 . 2011-12-29 16:17        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-29 00:33 . 2011-12-29 00:33        --------        d-----w-        C:\_OTL
2011-12-28 18:55 . 2011-12-28 18:55        --------        d-----w-        c:\users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
2011-12-28 18:55 . 2011-12-28 18:55        --------        d-----w-        c:\program files\SUPERAntiSpyware
2011-12-28 18:55 . 2011-12-28 18:55        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2011-12-28 18:04 . 2011-12-28 15:28        16432        ----a-w-        c:\windows\system32\lsdelete.exe
2011-12-28 15:25 . 2011-10-28 18:35        69376        ----a-w-        c:\windows\system32\drivers\Lbd.sys
2011-12-28 15:25 . 2011-12-28 15:25        --------        d-----w-        c:\program files (x86)\Lavasoft
2011-12-27 16:19 . 2011-12-29 13:13        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEF6ADA9-BFB7-4CAC-80D4-648757204F94}\offreg.dll
2011-12-27 16:19 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEF6ADA9-BFB7-4CAC-80D4-648757204F94}\mpengine.dll
2011-12-27 01:18 . 2011-12-27 01:32        --------        d-----w-        c:\users\Blubb\AppData\Local\WMTools Downloaded Files
2011-12-27 00:40 . 2011-12-27 00:40        --------        d-----w-        c:\program files\Microsoft Analysis Services
2011-12-27 00:40 . 2011-12-27 00:40        --------        d-----w-        c:\program files (x86)\Microsoft Analysis Services
2011-12-27 00:39 . 2011-12-27 00:39        --------        d-----r-        C:\MSOCache
2011-12-26 23:51 . 2011-12-26 23:51        --------        d-----w-        c:\program files (x86)\Movie Maker 2.6
2011-12-26 23:47 . 2011-12-26 23:47        --------        d-----w-        c:\windows\PCHEALTH
2011-12-26 22:11 . 2011-12-26 22:11        --------        d-----w-        c:\windows\de
2011-12-26 22:09 . 2011-12-26 22:09        --------        d-----w-        c:\windows\en
2011-12-26 22:07 . 2011-12-26 22:07        --------        d-----w-        c:\program files\Windows Live
2011-12-26 22:06 . 2011-12-26 22:06        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-26 22:03 . 2011-12-26 22:03        --------        d-----w-        c:\users\Blubb\AppData\Local\Windows Live
2011-12-23 19:38 . 2011-12-23 19:38        --------        d-----w-        c:\program files (x86)\ESET
2011-12-23 14:23 . 2011-12-28 22:49        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-14 23:34 . 2011-11-04 01:53        2309120        ----a-w-        c:\windows\system32\jscript9.dll
2011-12-14 23:34 . 2011-11-04 01:44        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-12-14 23:34 . 2011-11-03 22:47        1798144        ----a-w-        c:\windows\SysWow64\jscript9.dll
2011-12-14 23:34 . 2011-11-03 22:40        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2011-12-14 23:34 . 2011-11-04 01:48        887296        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll
2011-12-14 23:34 . 2011-11-03 22:42        678912        ----a-w-        c:\program files (x86)\Internet Explorer\iedvtool.dll
2011-12-14 23:33 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-14 23:33 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-12-14 23:31 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-14 23:31 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-14 23:31 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-12-14 23:31 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-12-12 16:15 . 2011-12-12 16:15        --------        d--h--w-        c:\programdata\CanonIJScan
2011-12-12 16:15 . 2011-12-12 16:27        --------        d-----w-        c:\users\Blubb\AppData\Roaming\Canon
2011-12-08 20:31 . 2011-12-08 20:31        --------        d-----r-        c:\program files (x86)\Skype
2011-12-08 20:15 . 2011-12-08 20:15        --------        d-----w-        c:\program files (x86)\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 15:28 . 2011-05-29 02:41        55384        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-12-10 14:24 . 2011-05-30 01:30        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-10 11:53 . 2011-05-20 18:13        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-08 20:15 . 2011-05-19 19:11        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"Facebook Update"="c:\users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-12 137536]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-10-20 28651144]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2011-05-19 89680]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-28 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job
- c:\users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 20:27]
.
2011-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job
- c:\users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 20:27]
.
2011-12-06 c:\windows\Tasks\HPCeeScheduleForBLUBB-NEU$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2011-12-23 c:\windows\Tasks\HPCeeScheduleForBlubb.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"Corel Photo Downloader"="c:\program files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe" [2006-08-04 462336]
"BitDefender Antiphishing Helper 32"="c:\program files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [2009-10-19 71152]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 76296]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2011-05-19 1699152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-29  17:23:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-29 16:23
.
Vor Suchlauf: 14 Verzeichnis(se), 780.469.669.888 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 779.842.330.624 Bytes frei
.
- - End Of File - - D2492D13DC426778D1676991F217061F
Website wird immer noch geblockt...

cosinus 29.12.2011 22:52
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

interaktion 29.12.2011 23:43
Code:
aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2011-12-29 23:30:33
-----------------------------
23:30:33.701    OS Version: Windows x64 6.1.7601 Service Pack 1
23:30:33.701    Number of processors: 4 586 0x2505
23:30:33.702    ComputerName: BLUBB-NEU  UserName: Blubb
23:30:35.532    Initialize success
23:31:48.767    AVAST engine defs: 11122900
23:31:55.092    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:31:55.097    Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 8
23:31:55.116    Disk 0 MBR read successfully
23:31:55.119    Disk 0 MBR scan
23:31:55.126    Disk 0 unknown MBR code
23:31:55.138    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:31:55.157    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      939569 MB offset 206848
23:31:55.191    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        14198 MB offset 1924444160
23:31:55.202    Service scanning
23:31:58.490    Modules scanning
23:31:58.498    Disk 0 trace - called modules:
23:31:58.520    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:31:58.526    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006346060]
23:31:58.534    3 CLASSPNP.SYS[fffff88001b6743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006082050]
23:32:02.681    AVAST engine scan C:\Windows
23:32:05.502    AVAST engine scan C:\Windows\system32
23:33:45.705    AVAST engine scan C:\Windows\system32\drivers
23:33:59.876    AVAST engine scan C:\Users\Blubb
23:39:20.320    AVAST engine scan C:\ProgramData
23:41:07.483    Scan finished successfully
23:41:43.443    Disk 0 MBR has been saved successfully to "C:\Users\Blubb\Desktop\MBR.dat"
23:41:43.448    The log file has been saved successfully to "C:\Users\Blubb\Desktop\aswMBR.txt"

cosinus 30.12.2011 00:44
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

interaktion 30.12.2011 02:16
Hab ich gemacht!

interaktion 30.12.2011 14:29
Log:

Code:
aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2011-12-30 14:14:52
-----------------------------
14:14:52.817    OS Version: Windows x64 6.1.7601 Service Pack 1
14:14:52.817    Number of processors: 4 586 0x2505
14:14:52.817    ComputerName: BLUBB-NEU  UserName: Blubb
14:14:57.771    Initialize success
14:15:02.471    AVAST engine defs: 11122900
14:15:05.978    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:15:05.982    Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 8
14:15:05.998    Disk 0 MBR read successfully
14:15:06.001    Disk 0 MBR scan
14:15:06.088    Disk 0 Windows 7 default MBR code
14:15:06.096    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:15:06.122    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      939569 MB offset 206848
14:15:06.165    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        14198 MB offset 1924444160
14:15:06.177    Service scanning
14:15:09.389    Modules scanning
14:15:09.396    Disk 0 trace - called modules:
14:15:09.427    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:15:09.433    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800631d060]
14:15:09.767    3 CLASSPNP.SYS[fffff88001bb143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f93050]
14:15:14.813    AVAST engine scan C:\Windows
14:15:23.112    AVAST engine scan C:\Windows\system32
14:17:48.604    AVAST engine scan C:\Windows\system32\drivers
14:18:02.951    AVAST engine scan C:\Users\Blubb
14:24:26.630    AVAST engine scan C:\ProgramData
14:26:34.787    Scan finished successfully
14:27:06.260    Disk 0 MBR has been saved successfully to "C:\Users\Blubb\Desktop\MBR.dat"
14:27:06.318    The log file has been saved successfully to "C:\Users\Blubb\Desktop\aswMBR.txt"
Problem tritt immer noch auf :(

cosinus 30.12.2011 19:22
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


interaktion 30.12.2011 22:17
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/30/2011 at 10:13 PM

Application Version : 5.0.1142

Core Rules Database Version : 8091
Trace Rules Database Version: 5903

Scan type      : Complete Scan
Total Scan Time : 00:48:40

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 723
Memory threats detected  : 0
Registry items scanned    : 71987
Registry threats detected : 0
File items scanned        : 80832
File threats detected    : 29

Adware.Tracking Cookie
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\D8Y68F7G.txt [ /ad2.adfarm1.adition.com ]
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\9K9GA0SL.txt [ /zanox.com ]
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\BYSCBBI6.txt [ /accounts.google.com ]
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\00I7BY8C.txt [ /tracking.quisma.com ]
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\QEMFYW3D.txt [ /ads.creative-serving.com ]
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\Y139VXEL.txt [ /a.revenuemax.de ]
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\LUHS80FO.txt [ /ad.yieldmanager.com ]
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\WT7PD2T1.txt [ /ad.zanox.com ]
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\OC03I18N.txt [ /serving-sys.com ]
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\MYYLPS6P.txt [ /adfarm1.adition.com ]
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\WZ40ERST.txt [ /media6degrees.com ]
        C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\TC5FKEXI.txt [ /ad3.adfarm1.adition.com ]
        C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\XCKH28B5.txt [ Cookie:blubb@ad2.adfarm1.adition.com/ ]
        C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\0NU2XNDQ.txt [ Cookie:blubb@eas.apm.emediate.eu/ ]
        C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\N0GFU3RY.txt [ Cookie:blubb@zanox.com/ ]
        C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\JWF9TPBK.txt [ Cookie:blubb@ad.yieldmanager.com/ ]
        C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\JRCGUXM7.txt [ Cookie:blubb@ad.zanox.com/ ]
        C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\L7CLC6E8.txt [ Cookie:blubb@adfarm1.adition.com/ ]
        C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\COVWHO0I.txt [ Cookie:blubb@ad3.adfarm1.adition.com/ ]
        C:\USERS\BLUBB\Cookies\D8Y68F7G.txt [ Cookie:blubb@ad2.adfarm1.adition.com/ ]
        C:\USERS\BLUBB\Cookies\9K9GA0SL.txt [ Cookie:blubb@zanox.com/ ]
        C:\USERS\BLUBB\Cookies\BYSCBBI6.txt [ Cookie:blubb@accounts.google.com/ ]
        C:\USERS\BLUBB\Cookies\Y139VXEL.txt [ Cookie:blubb@a.revenuemax.de/ ]
        C:\USERS\BLUBB\Cookies\LUHS80FO.txt [ Cookie:blubb@ad.yieldmanager.com/ ]
        C:\USERS\BLUBB\Cookies\WT7PD2T1.txt [ Cookie:blubb@ad.zanox.com/ ]
        C:\USERS\BLUBB\Cookies\OC03I18N.txt [ Cookie:blubb@serving-sys.com/ ]
        C:\USERS\BLUBB\Cookies\MYYLPS6P.txt [ Cookie:blubb@adfarm1.adition.com/ ]
        C:\USERS\BLUBB\Cookies\WZ40ERST.txt [ Cookie:blubb@media6degrees.com/ ]
        C:\USERS\BLUBB\Cookies\TC5FKEXI.txt [ Cookie:blubb@ad3.adfarm1.adition.com/ ]

Naja, da wurde ja schon vorher nichts gefunden... :/

edit: Falscher Malware-Log, kommt gleich der Aktuelle, kanns nur grade nich starten wegen ESET ;D

interaktion 30.12.2011 23:33
Code:
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.30.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Blubb :: BLUBB-NEU [Administrator]

Schutz: Aktiviert

30.12.2011 20:10:53
mbam-log-2011-12-30 (20-10-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402233
Laufzeit: 1 Stunde(n), 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Eset:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c186c7f7f169604fbbdbfe10af567a9e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-27 12:14:08
# local_time=2011-12-27 01:14:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 298034 76566155 0 0
# compatibility_mode=8192 67108863 100 0 270769 270769 0 0
# scanned=252611
# found=0
# cleaned=0
# scan_time=8392
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c186c7f7f169604fbbdbfe10af567a9e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-30 10:29:56
# local_time=2011-12-30 11:29:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 32966 76909739 0 0
# compatibility_mode=8192 67108863 100 0 614353 614353 0 0
# scanned=243335
# found=0
# cleaned=0
# scan_time=4307

cosinus 31.12.2011 00:00
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

interaktion 31.12.2011 00:13
Ja, immer noch das selbe Problem :(

Code:
2011/12/30 00:02:39 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 60194, Process: svchost.exe)
2011/12/30 00:02:39 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 60195, Process: svchost.exe)
2011/12/30 00:02:39 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 60196, Process: svchost.exe)
2011/12/30 00:02:39 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 60197, Process: svchost.exe)
2011/12/30 00:12:40 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 62792, Process: svchost.exe)
2011/12/30 00:12:40 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 62793, Process: svchost.exe)
2011/12/30 00:12:40 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 62794, Process: svchost.exe)
2011/12/30 00:12:40 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 62795, Process: svchost.exe)
2011/12/30 00:22:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 65317, Process: svchost.exe)
2011/12/30 00:22:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 65318, Process: svchost.exe)
2011/12/30 00:22:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 65319, Process: svchost.exe)
2011/12/30 00:22:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 65320, Process: svchost.exe)
2011/12/30 00:32:22 +0100        BLUBB-NEU        Blubb        MESSAGE        Executing scheduled update:  Daily
2011/12/30 00:32:24 +0100        BLUBB-NEU        Blubb        MESSAGE        Database already up-to-date
2011/12/30 00:32:35 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51408, Process: svchost.exe)
2011/12/30 00:32:35 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51409, Process: svchost.exe)
2011/12/30 00:32:35 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51410, Process: svchost.exe)
2011/12/30 00:32:35 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51411, Process: svchost.exe)
2011/12/30 00:42:44 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 53920, Process: svchost.exe)
2011/12/30 00:52:37 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 56389, Process: svchost.exe)
2011/12/30 00:52:37 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 56390, Process: svchost.exe)
2011/12/30 00:52:37 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 56391, Process: svchost.exe)
2011/12/30 00:52:37 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 56392, Process: svchost.exe)
2011/12/30 01:02:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 58831, Process: svchost.exe)
2011/12/30 01:02:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 58832, Process: svchost.exe)
2011/12/30 01:02:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 58833, Process: svchost.exe)
2011/12/30 01:02:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 58834, Process: svchost.exe)
2011/12/30 01:12:39 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 61249, Process: svchost.exe)
2011/12/30 01:12:39 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 61250, Process: svchost.exe)
2011/12/30 01:12:39 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 61251, Process: svchost.exe)
2011/12/30 01:12:39 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 61252, Process: svchost.exe)
2011/12/30 01:22:41 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 63683, Process: svchost.exe)
2011/12/30 01:22:41 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 63684, Process: svchost.exe)
2011/12/30 01:22:41 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 63685, Process: svchost.exe)
2011/12/30 01:22:41 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 63686, Process: svchost.exe)
2011/12/30 01:32:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 49781, Process: svchost.exe)
2011/12/30 01:42:43 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 52264, Process: svchost.exe)
2011/12/30 01:42:43 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 52265, Process: svchost.exe)
2011/12/30 01:42:43 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 52266, Process: svchost.exe)
2011/12/30 01:42:43 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 52267, Process: svchost.exe)
2011/12/30 01:52:44 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 54694, Process: svchost.exe)
2011/12/30 01:52:44 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 54695, Process: svchost.exe)
2011/12/30 01:52:44 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 54696, Process: svchost.exe)
2011/12/30 01:52:44 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 54697, Process: svchost.exe)
2011/12/30 02:02:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 57123, Process: svchost.exe)
2011/12/30 02:02:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 57124, Process: svchost.exe)
2011/12/30 02:02:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 57125, Process: svchost.exe)
2011/12/30 02:02:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 57126, Process: svchost.exe)
2011/12/30 02:11:03 +0100        BLUBB-NEU        Blubb        MESSAGE        Stopping IP protection
2011/12/30 02:11:39 +0100        BLUBB-NEU        Blubb        MESSAGE        IP Protection stopped
2011/12/30 02:16:09 +0100        BLUBB-NEU        Blubb        MESSAGE        Starting protection
2011/12/30 02:16:10 +0100        BLUBB-NEU        Blubb        MESSAGE        Protection started successfully
2011/12/30 02:16:13 +0100        BLUBB-NEU        Blubb        MESSAGE        Starting IP protection
2011/12/30 02:16:14 +0100        BLUBB-NEU        Blubb        MESSAGE        IP Protection started successfully
2011/12/30 02:24:41 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51386, Process: svchost.exe)
2011/12/30 02:24:41 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51387, Process: svchost.exe)
2011/12/30 02:24:41 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51388, Process: svchost.exe)
2011/12/30 02:24:41 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51389, Process: svchost.exe)
2011/12/30 02:24:41 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51390, Process: svchost.exe)
2011/12/30 02:34:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 53666, Process: svchost.exe)
2011/12/30 02:34:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 53667, Process: svchost.exe)
2011/12/30 02:34:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 53668, Process: svchost.exe)
2011/12/30 02:34:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 53669, Process: svchost.exe)
2011/12/30 02:34:38 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 53670, Process: svchost.exe)
2011/12/30 14:13:22 +0100        BLUBB-NEU        Blubb        MESSAGE        Starting protection
2011/12/30 14:13:25 +0100        BLUBB-NEU        Blubb        MESSAGE        Protection started successfully
2011/12/30 14:13:28 +0100        BLUBB-NEU        Blubb        MESSAGE        Starting IP protection
2011/12/30 14:13:28 +0100        BLUBB-NEU        Blubb        MESSAGE        IP Protection started successfully
2011/12/30 14:16:57 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51675, Process: svchost.exe)
2011/12/30 14:16:57 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51676, Process: svchost.exe)
2011/12/30 14:16:57 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51677, Process: svchost.exe)
2011/12/30 14:16:57 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51678, Process: svchost.exe)
2011/12/30 14:16:57 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51679, Process: svchost.exe)
2011/12/30 14:26:57 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 54465, Process: svchost.exe)
2011/12/30 14:26:57 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 54466, Process: svchost.exe)
2011/12/30 14:26:57 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 54467, Process: svchost.exe)
2011/12/30 14:26:57 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 54468, Process: svchost.exe)
2011/12/30 14:26:57 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 54469, Process: svchost.exe)
2011/12/30 14:30:01 +0100        BLUBB-NEU        Blubb        IP-BLOCK        84.16.227.186 (Type: outgoing, Port: 55344, Process: iexplore.exe)
2011/12/30 14:30:01 +0100        BLUBB-NEU        Blubb        IP-BLOCK        84.16.227.186 (Type: outgoing, Port: 55345, Process: iexplore.exe)
2011/12/30 14:30:01 +0100        BLUBB-NEU        Blubb        IP-BLOCK        84.16.227.194 (Type: outgoing, Port: 55347, Process: iexplore.exe)
2011/12/30 14:30:02 +0100        BLUBB-NEU        Blubb        IP-BLOCK        84.16.227.194 (Type: outgoing, Port: 55346, Process: iexplore.exe)
2011/12/30 14:30:02 +0100        BLUBB-NEU        Blubb        IP-BLOCK        84.16.227.159 (Type: outgoing, Port: 55349, Process: iexplore.exe)
2011/12/30 14:30:02 +0100        BLUBB-NEU        Blubb        IP-BLOCK        84.16.227.159 (Type: outgoing, Port: 55348, Process: iexplore.exe)
2011/12/30 14:30:02 +0100        BLUBB-NEU        Blubb        IP-BLOCK        84.16.227.184 (Type: outgoing, Port: 55350, Process: iexplore.exe)
2011/12/30 14:30:02 +0100        BLUBB-NEU        Blubb        IP-BLOCK        84.16.227.184 (Type: outgoing, Port: 55351, Process: iexplore.exe)
2011/12/30 14:30:02 +0100        BLUBB-NEU        Blubb        IP-BLOCK        84.16.227.185 (Type: outgoing, Port: 55352, Process: iexplore.exe)
2011/12/30 14:30:02 +0100        BLUBB-NEU        Blubb        IP-BLOCK        84.16.227.185 (Type: outgoing, Port: 55353, Process: iexplore.exe)
2011/12/30 14:36:51 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 57202, Process: svchost.exe)
2011/12/30 14:36:51 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 57203, Process: svchost.exe)
2011/12/30 14:36:51 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 57204, Process: svchost.exe)
2011/12/30 14:36:51 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 57205, Process: svchost.exe)
2011/12/30 14:36:51 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 57206, Process: svchost.exe)
2011/12/30 18:19:32 +0100        BLUBB-NEU        Blubb        MESSAGE        Starting protection
2011/12/30 18:19:34 +0100        BLUBB-NEU        Blubb        MESSAGE        Protection started successfully
2011/12/30 18:19:37 +0100        BLUBB-NEU        Blubb        MESSAGE        Starting IP protection
2011/12/30 18:19:38 +0100        BLUBB-NEU        Blubb        MESSAGE        IP Protection started successfully
2011/12/30 18:22:10 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 56014, Process: svchost.exe)
2011/12/30 18:22:10 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 56015, Process: svchost.exe)
2011/12/30 18:22:10 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 56016, Process: svchost.exe)
2011/12/30 18:22:10 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 56019, Process: svchost.exe)
2011/12/30 18:22:10 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 56021, Process: svchost.exe)
2011/12/30 18:32:04 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 58680, Process: svchost.exe)
2011/12/30 18:32:04 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 58681, Process: svchost.exe)
2011/12/30 18:32:04 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 58682, Process: svchost.exe)
2011/12/30 18:32:04 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 58683, Process: svchost.exe)
2011/12/30 18:32:04 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 58684, Process: svchost.exe)
2011/12/30 18:42:05 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 61205, Process: svchost.exe)
2011/12/30 18:49:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        212.117.165.231 (Type: outgoing, Port: 63310, Process: iexplore.exe)
2011/12/30 18:49:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        212.117.165.231 (Type: outgoing, Port: 63308, Process: iexplore.exe)
2011/12/30 18:49:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        212.117.165.231 (Type: outgoing, Port: 63309, Process: iexplore.exe)
2011/12/30 18:49:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        212.117.165.231 (Type: outgoing, Port: 63311, Process: iexplore.exe)
2011/12/30 18:49:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        212.117.165.231 (Type: outgoing, Port: 63313, Process: iexplore.exe)
2011/12/30 18:49:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        212.117.165.231 (Type: outgoing, Port: 63312, Process: iexplore.exe)
2011/12/30 18:49:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        212.117.165.231 (Type: outgoing, Port: 63315, Process: iexplore.exe)
2011/12/30 18:49:42 +0100        BLUBB-NEU        Blubb        IP-BLOCK        212.117.165.231 (Type: outgoing, Port: 63314, Process: iexplore.exe)
2011/12/30 18:52:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 63960, Process: svchost.exe)
2011/12/30 18:52:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 63961, Process: svchost.exe)
2011/12/30 18:52:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 63962, Process: svchost.exe)
2011/12/30 18:52:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 63963, Process: svchost.exe)
2011/12/30 18:52:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 63964, Process: svchost.exe)
2011/12/30 19:02:09 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50172, Process: svchost.exe)
2011/12/30 19:02:09 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 50173, Process: svchost.exe)
2011/12/30 19:02:09 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 50174, Process: svchost.exe)
2011/12/30 19:02:09 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50175, Process: svchost.exe)
2011/12/30 19:02:09 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50176, Process: svchost.exe)
2011/12/30 19:12:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 52654, Process: svchost.exe)
2011/12/30 19:12:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 52655, Process: svchost.exe)
2011/12/30 19:12:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 52656, Process: svchost.exe)
2011/12/30 19:12:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 52657, Process: svchost.exe)
2011/12/30 19:22:05 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 55093, Process: svchost.exe)
2011/12/30 19:22:05 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 55094, Process: svchost.exe)
2011/12/30 19:22:06 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 55095, Process: svchost.exe)
2011/12/30 19:22:06 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 55096, Process: svchost.exe)
2011/12/30 19:32:10 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 57579, Process: svchost.exe)
2011/12/30 19:42:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 60200, Process: svchost.exe)
2011/12/30 19:42:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 60201, Process: svchost.exe)
2011/12/30 19:42:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 60202, Process: svchost.exe)
2011/12/30 19:42:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 60203, Process: svchost.exe)
2011/12/30 19:52:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 62693, Process: svchost.exe)
2011/12/30 19:52:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 62694, Process: svchost.exe)
2011/12/30 19:52:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 62695, Process: svchost.exe)
2011/12/30 19:52:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 62696, Process: svchost.exe)
2011/12/30 20:02:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 65124, Process: svchost.exe)
2011/12/30 20:02:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 65125, Process: svchost.exe)
2011/12/30 20:02:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 65126, Process: svchost.exe)
2011/12/30 20:02:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 65127, Process: svchost.exe)
2011/12/30 20:10:44 +0100        BLUBB-NEU        Blubb        MESSAGE        Starting database refresh
2011/12/30 20:10:44 +0100        BLUBB-NEU        Blubb        MESSAGE        Stopping IP protection
2011/12/30 20:11:26 +0100        BLUBB-NEU        Blubb        MESSAGE        IP Protection stopped
2011/12/30 20:11:28 +0100        BLUBB-NEU        Blubb        MESSAGE        Database refreshed successfully
2011/12/30 20:11:28 +0100        BLUBB-NEU        Blubb        MESSAGE        Starting IP protection
2011/12/30 20:11:28 +0100        BLUBB-NEU        Blubb        MESSAGE        IP Protection started successfully
2011/12/30 20:12:08 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51287, Process: svchost.exe)
2011/12/30 20:12:08 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51288, Process: svchost.exe)
2011/12/30 20:12:08 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51289, Process: svchost.exe)
2011/12/30 20:12:08 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51290, Process: svchost.exe)
2011/12/30 20:22:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 54370, Process: svchost.exe)
2011/12/30 20:32:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 56984, Process: svchost.exe)
2011/12/30 20:32:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 56985, Process: svchost.exe)
2011/12/30 20:32:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 56986, Process: svchost.exe)
2011/12/30 20:32:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 56987, Process: svchost.exe)
2011/12/30 20:42:06 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 59536, Process: svchost.exe)
2011/12/30 20:42:06 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 59537, Process: svchost.exe)
2011/12/30 20:42:06 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 59538, Process: svchost.exe)
2011/12/30 20:42:06 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 59539, Process: svchost.exe)
2011/12/30 20:52:11 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 61975, Process: svchost.exe)
2011/12/30 20:52:11 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 61976, Process: svchost.exe)
2011/12/30 20:52:11 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 61977, Process: svchost.exe)
2011/12/30 20:52:11 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 61978, Process: svchost.exe)
2011/12/30 21:02:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 64410, Process: svchost.exe)
2011/12/30 21:02:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 64411, Process: svchost.exe)
2011/12/30 21:02:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 64412, Process: svchost.exe)
2011/12/30 21:02:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 64413, Process: svchost.exe)
2011/12/30 21:12:13 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 50510, Process: svchost.exe)
2011/12/30 21:22:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 52937, Process: svchost.exe)
2011/12/30 21:22:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 52938, Process: svchost.exe)
2011/12/30 21:22:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 52939, Process: svchost.exe)
2011/12/30 21:22:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 52940, Process: svchost.exe)
2011/12/30 21:32:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 55399, Process: svchost.exe)
2011/12/30 21:32:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 55400, Process: svchost.exe)
2011/12/30 21:32:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 55401, Process: svchost.exe)
2011/12/30 21:32:12 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 55402, Process: svchost.exe)
2011/12/30 21:42:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 57834, Process: svchost.exe)
2011/12/30 21:42:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 57835, Process: svchost.exe)
2011/12/30 21:42:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 57836, Process: svchost.exe)
2011/12/30 21:42:07 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 57837, Process: svchost.exe)
2011/12/30 21:52:10 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 60444, Process: svchost.exe)
2011/12/30 21:52:10 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 60445, Process: svchost.exe)
2011/12/30 21:52:10 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 60446, Process: svchost.exe)
2011/12/30 21:52:10 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 60447, Process: svchost.exe)
2011/12/30 22:02:13 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 62894, Process: svchost.exe)
2011/12/30 22:12:09 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 65396, Process: svchost.exe)
2011/12/30 22:12:09 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 65397, Process: svchost.exe)
2011/12/30 22:12:09 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 65398, Process: svchost.exe)
2011/12/30 22:12:09 +0100        BLUBB-NEU        Blubb        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 65399, Process: svchost.exe)
2011/12/30 22:16:48 +0100        BLUBB-NEU        Blubb        MESSAGE        Stopping IP protection
2011/12/30 22:17:27 +0100        BLUBB-NEU        Blubb        MESSAGE        IP Protection stopped
2011/12/30 23:33:22 +0100        BLUBB-NEU        Blubb        MESSAGE        Starting IP protection
2011/12/30 23:33:23 +0100        BLUBB-NEU        Blubb        MESSAGE        IP Protection started successfully

cosinus 31.12.2011 00:18
Hast du rein zufällig einen Router? Wenn ja wurde da das Adminpasswort geändert?
Wenn nicht, setz diesen Router auf Werkseinstellungen zurück und konfiguriere ihn neu. Wichtig ist, dass du das unsichere vordefinierte Adminkennwort zum Router änderst!

interaktion 31.12.2011 01:29
Mhhh, also, ich habe das Ding auf die Werkseinstellungen zurückgesetzt. Da fragt er mich gleich am Anfang, dass ich ein eigenes Passwort einrichten soll (es ist gar keines eingegeben, das richte ich von Anfang an selbst ein). Ich habe es geändert. Auch das vom W-LAN.

Oder was meintest du mit "Adminpasswort"?

interaktion 31.12.2011 02:54
Seit 0:33 trat das mit der IP nich mehr auf (das Passwort habe ich eine Stunde später, gegen 1:30 geändert, bzw. das mit den Werkseinstellungen gemacht - war also schon zuvor).

Es bleibt abzuwarten. Was war es denn, wenn es jetzt nie mehr kommt oder was könntest du dir vorstellen, was das ist? Was ich komisch finde, ist, dass es hier ja noch einen Thread gibt von jemandem, der genau das gleiche Problem beschreibt. Es muss also doch irgendwas Kollektives sein (in dem Sinne, dass da etwas ist, das mehrere Rechner "angreift", wenn du verstehst, was ich meine. Wäre das ein einzelner Angriff gegen meinen Rechner im Speziellen, gäbe es hier ja keinen zweiten Thread von jemand anderem, der exakt das gleiche Problem beschreibt).

interaktion 31.12.2011 13:05
Problem immer noch das Gleiche :(... Was kann denn das sein? Hier war schon mal das gleiche Problem und es blieb ungelöst:

hxxp://www.hijackthis-forum.de/hijackthis-logfiles/50471-malewarebytes-blockiert-andauern-ip-von-svchost-12.html

cosinus 02.01.2012 10:06
  • Klick mit rechts auf einen freien Bereich auf dem Desktop und sag "Neu, Verknüpfung erstellen"

  • Tipp als Ziel cmd.exe ein und bestätige mit OK, eine neue Verknüpfung zur Konsole auf dem Desktop müsste sich nun befinden

  • Falls dem so ist, diese neue Verknüpfung rechtsklicken => Als Administrator ausführen => Sicherheitsabfrage der Benutzerkontensteuerung ggf. bestätigen => schwarze Eingabeaufforderung öffnet sich

  • Tipp dort ein:
    Code:
    ipconfig /all > c:\ipconfig.txt
    und bestätige mit enter.

  • Öffne die Datei c:\ipconfig.txt und poste den Inhalt hier mit CODE-Tags umschlossen

interaktion 02.01.2012 17:33
Code:
Windows-IP-Konfiguration

  Hostname  . . . . . . . . . . . . : Blubb-Neu
  Prim„res DNS-Suffix . . . . . . . :
  Knotentyp . . . . . . . . . . . . : Hybrid
  IP-Routing aktiviert  . . . . . . : Nein
  WINS-Proxy aktiviert  . . . . . . : Nein
  DNS-Suffixsuchliste . . . . . . . : fritz.box

Ethernet-Adapter LAN-Verbindung:

  Verbindungsspezifisches DNS-Suffix: fritz.box
  Beschreibung. . . . . . . . . . . : Realtek PCIe GBE Family Controller
  Physikalische Adresse . . . . . . : 6C-62-6D-ED-C5-17
  DHCP aktiviert. . . . . . . . . . : Ja
  Autokonfiguration aktiviert . . . : Ja
  Verbindungslokale IPv6-Adresse  . : fe80::2579:33c6:a6d7:4b2a%11(Bevorzugt)
  IPv4-Adresse  . . . . . . . . . . : 192.168.178.20(Bevorzugt)
  Subnetzmaske  . . . . . . . . . . : 255.255.255.0
  Lease erhalten. . . . . . . . . . : Montag, 2. Januar 2012 14:49:22
  Lease l„uft ab. . . . . . . . . . : Donnerstag, 12. Januar 2012 14:49:22
  Standardgateway . . . . . . . . . : 192.168.178.1
  DHCP-Server . . . . . . . . . . . : 192.168.178.1
  DHCPv6-IAID . . . . . . . . . . . : 255877510
  DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-15-2D-92-DE-40-61-86-CC-5C-D3
  DNS-Server  . . . . . . . . . . . : 192.168.178.1
  NetBIOS ber TCP/IP . . . . . . . : Aktiviert

Tunneladapter LAN-Verbindung* 9:

  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
  Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja
  IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fb:10b4:310e:3f57:4deb(Bevorzugt)
  Verbindungslokale IPv6-Adresse  . : fe80::10b4:310e:3f57:4deb%10(Bevorzugt)
  Standardgateway . . . . . . . . . : ::
  NetBIOS ber TCP/IP . . . . . . . : Deaktiviert

Tunneladapter isatap.fritz.box:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix: fritz.box
  Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
  Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja
Ich habe übrigens eMail-Antwort von der Plus Line AG bekommen:

Zitat:
Sehr geehrt

es scheint, als hätten Sie zusammen mit anderer Software auch eine Werbesoftware auf Ihrem Rechner installiert. Die u.g. Antwort habe ich jedenfalls von unserem Kunden bekommen. Dies würde auch erklären, warum Sie keine Meldungen von Ihrer Virensoftware erhalten. Ist auch ärgerlich, wenn so etwas im Kleingedruckten steht, aber vermutlich zulässig (leider).

Mit freundlichen Grüßen

xxx



> Nach Rücksprache mit meinem Kunden stellt sich die Lage wie folgt dar:
>
> Es handelt sich hierbei nicht, wie von ihrer sg. dritten Stelle
> behauptet, um einen Trojaner.
> Vielmehr handelt es sich um eine Werbesoftware, die vom User
> eigenhändig heruntergeladen und installiert wird, nachdem er den
> angezeigten AGB zugestimmt hat.
>
> Sollte der User die installierte Software nicht mehr nutzen wollen so
> kann er unter der URL
>
> hxxp://uninstall-ad.com
>
> eine Deinstallations-Software herunterladen und die von ihm
> installierte Software damit entfernen.
>
> Gruss
>
>> wir haben von dritten Personen Hinweise darauf erhalten, dass aus den
>> IP-Bereichen von Consumer Benefit LTD (82.98.97.176/28
>> 82.98.97.192/28) Trojaner Software verteilt wird. Die Person, die
>> uns den unten stehen Logauszug gesendet hat, scheint leider auch
>> nicht allein betroffen zu sein.
>>
>> Anbei ein Auszug aus dem Log einer Firwall eines betroffenen Rechners:
>>
>> ##############
>>
>> 02:05:45 Blubb IP-BLOCK 82.98.97.200 (Type:
>> outgoing, Port: 52353, Process: svchost.exe)
>>
>> 02:19:41 Blubb IP-BLOCK 82.98.97.183 (Type:
>> outgoing, Port: 49702, Process: svchost.exe)
>>
>> 02:19:41 Blubb IP-BLOCK 82.98.97.185 (Type:
>> outgoing, Port: 49703, Process: svchost.exe)
>>
>> 02:19:41 Blubb IP-BLOCK 82.98.97.203 (Type:
>> outgoing, Port: 49704, Process: svchost.exe)
>>
>> 02:19:41 Blubb IP-BLOCK 82.98.97.206 (Type:
>> outgoing, Port: 49705, Process: svchost.exe)
>>
>> 02:29:42 Blubb IP-BLOCK 82.98.97.183 (Type:
>> outgoing, Port: 50364, Process: svchost.exe)
>>
>> ##############
>>
>> Bitte ergreifen Sie geeignete Maßnahmen, bzw veranlassen Sie Ihren Kunden dazu und geben Sie uns bitte bis morgen mittag eine Rückmeldung zu der Angelegenheit.
>>
>> Mit freundlichen Grüßen
Der "rettende Link" funktioniert nicht. lol

cosinus 02.01.2012 20:48
Ich versteh nciht ganz, was für eine Software soll dann das sein? von welchem Programm genau ist denn hier die Rede? :confused:
Dass heutzuge fast jedes Setup dem User Toolbars und anderen Müll unterschieben will, manchmal gibt es nichtmal ein ein opt-out(!!), ist doch schon lange nichts mehr neues :mad:

interaktion 02.01.2012 22:21
Ja, ich frage mich auch, um welches Programm es hier geht. Hab ich auch gefragt, noch keine Antwort...

Ich will das Ding einfach wieder loswerden. :(

interaktion 03.01.2012 17:37
Na toll :(

Zitat:
Sehr geehrt,

leider vermag ich Ihnen in dieser Angelegenheit nicht mehr weiter helfen und bitte Sie dafür um Verständnis: weder sind Sie Kunde der Plus.line noch ist die Consumer Benefit LTD direkter Kunde von uns (sondern Kunde eines Kunden). Die Kontaktdaten der Consumer Benefit LTD finden Sie über eine "whois"-Abfrage im Internet herraus.

Mit freundlichen Grüßen

cosinus 03.01.2012 20:49
Ich hab den Thread im Hijackthis-Forum nochmal genauer durchgelesen.
Eine weitere Möglichkeit könnte sein, dass du mal dieser Masche zum Opfer gefallen bist => heise online - Vorgebliche Browser-Updates installieren Ad-Ware

Deinstalliere den FF mal komplett. Lade ihn direkt von Mozilla Firefox Web Browser neu runter und installiere ihn.
Wenn das immer noch nicht hilft wüsste ich nur einen Workaround, der das Übel aber nicht an der Wurzel packt, da ich nicht genau weiß was das verursacht. Wie im Hijackthis-Strang beschrieben könnte man evtl. mit dem TCPViewer oder einem svchost-Analyser weiterkommen. Notfalls muss man solche Geschütze wie Wireshark ausrollen :snyper:

interaktion 03.01.2012 21:00
Ich habe Firefox leider gar nicht auf meinem Rechner installiert. Ich nutze Internet Explorer (aktuell 9). Firefox war auch nie installiert. Ansonsten nutze ich ab und zu Safari, dieser wird aber direkt über iTunes geupdatet...

Ich bin mir auch nicht sicher, ob das die gleiche Consumer Benifit LTD ist, da diese ihren Sitz in Tschechien, meine IP da aber aus England (Wakefield) kommt.

Wie weiter?

cosinus 03.01.2012 21:13
Ok, dann ist es was anderes.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten und auch ALLE USERPROFILE scannen lassen

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

interaktion 05.01.2012 00:07
Code:
OTL logfile created on: 1/4/2012 11:47:59 PM - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Blubb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.87 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 59.26% Memory free
11.73 Gb Paging File | 9.57 Gb Available in Paging File | 81.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.55 Gb Total Space | 727.33 Gb Free Space | 79.27% Space Free | Partition Type: NTFS
Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Drive E: | 677.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/29 19:46:59 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2011/12/29 19:46:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 08:06:52 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 08:01:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 08:01:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 08:01:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 08:00:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 08:00:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 08:00:55 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 08:00:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/06 04:54:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/05/19 05:37:01 | 000,409,672 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/03/24 11:43:38 | 002,299,656 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV:64bit: - [2010/03/12 15:42:40 | 000,393,728 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2009/10/19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. hxxp://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/24 13:13:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/06/19 02:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/28 19:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/05/19 05:37:12 | 000,089,680 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/22 02:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/22 13:57:54 | 000,347,336 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2010/01/29 13:47:04 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Blubb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
 
 
O1 HOSTS File: ([2011/12/29 17:19:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [FILSHtray] C:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863EC08-5BA9-4F6F-A3E8-A201DB2FFA90}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED421C8-E781-4DF8-8530-40B09201897C}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/22 16:17:27 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\Documents\FILSHtray
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\FILSH_Media_GmbH
[2012/01/03 23:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILSHtray
[2012/01/03 23:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FILSHtray
[2011/12/29 23:04:21 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Blubb\Desktop\aswMBR.exe
[2011/12/29 17:19:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/29 17:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 17:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 17:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 17:12:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 17:12:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 17:10:42 | 004,356,248 | R--- | C] (Swearware) -- C:\Users\Blubb\Desktop\ComboFix.exe
[2011/12/29 14:26:33 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Blubb\Desktop\tdsskiller.exe
[2011/12/29 01:33:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/28 19:55:38 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/28 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/28 19:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/28 19:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/28 16:25:39 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/12/28 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/28 16:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/27 02:18:45 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\WMTools Downloaded Files
[2011/12/27 01:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/12/27 01:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/12/27 01:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/12/27 01:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/12/27 01:39:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/12/27 00:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2011/12/27 00:47:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/12/26 23:11:00 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011/12/26 23:09:54 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/12/26 23:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/12/26 23:03:33 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\Windows Live
[2011/12/23 20:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/23 15:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/23 15:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/23 03:23:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2011/12/12 17:15:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/12/12 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/08 21:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/08 21:31:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/12/08 21:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/04 22:32:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job
[2012/01/04 22:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job
[2012/01/04 17:21:11 | 000,337,577 | ---- | M] () -- C:\Users\Blubb\Desktop\Image2.jpg
[2012/01/04 17:15:34 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 17:15:34 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 17:12:47 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/04 17:12:47 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/01/04 17:12:47 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/04 17:12:47 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/01/04 17:12:47 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/04 17:09:22 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/04 17:09:22 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/04 17:07:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/04 17:07:54 | 429,191,167 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 00:25:56 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2012/01/02 23:49:45 | 000,071,108 | ---- | M] () -- C:\Users\Blubb\Desktop\471006d9-52111194.jpg
[2012/01/02 23:30:16 | 002,158,588 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0451.JPG
[2012/01/02 17:30:41 | 000,001,207 | ---- | M] () -- C:\Users\Blubb\Desktop\cmd.lnk
[2012/01/02 16:17:54 | 000,086,480 | ---- | M] () -- C:\Users\Blubb\Desktop\Image1.jpg
[2012/01/01 22:07:29 | 000,001,854 | ---- | M] () -- C:\Users\Blubb\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/30 20:02:49 | 000,013,579 | ---- | M] () -- C:\Users\Blubb\Desktop\term.odt
[2011/12/30 17:51:14 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlubb.job
[2011/12/29 23:04:28 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Blubb\Desktop\aswMBR.exe
[2011/12/29 19:45:39 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/29 17:19:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/29 17:11:02 | 004,356,248 | R--- | M] (Swearware) -- C:\Users\Blubb\Desktop\ComboFix.exe
[2011/12/29 14:26:38 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Blubb\Desktop\tdsskiller.exe
[2011/12/28 20:53:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 16:28:52 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/28 16:28:51 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/28 16:25:40 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/27 14:08:34 | 002,350,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/27 02:10:39 | 000,003,584 | ---- | M] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:50:11 | 000,003,029 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
[2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2011/12/23 03:11:49 | 000,000,000 | ---- | M] () -- C:\Users\Blubb\defogger_reenable
[2011/12/20 13:29:13 | 002,008,352 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/08 21:31:28 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/08 10:57:08 | 154,528,034 | ---- | M] () -- C:\Users\Blubb\Desktop\Oberstdorf-11-2011.wmv
[2011/12/06 02:04:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLUBB-NEU$.job
 
========== Files Created - No Company Name ==========
 
[2012/01/04 17:21:10 | 000,337,577 | ---- | C] () -- C:\Users\Blubb\Desktop\Image2.jpg
[2012/01/02 23:55:12 | 000,071,108 | ---- | C] () -- C:\Users\Blubb\Desktop\471006d9-52111194.jpg
[2012/01/02 23:29:50 | 002,158,588 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0451.JPG
[2012/01/02 17:30:36 | 000,001,207 | ---- | C] () -- C:\Users\Blubb\Desktop\cmd.lnk
[2012/01/01 22:07:19 | 000,086,480 | ---- | C] () -- C:\Users\Blubb\Desktop\Image1.jpg
[2011/12/30 20:02:46 | 000,013,579 | ---- | C] () -- C:\Users\Blubb\Desktop\term.odt
[2011/12/29 17:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 17:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 17:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 17:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 17:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/28 20:53:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 19:55:21 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/28 19:04:05 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/28 16:25:40 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/27 02:10:39 | 000,003,584 | ---- | C] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:51:13 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2011/12/27 00:50:11 | 000,003,029 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
[2011/12/26 23:01:36 | 154,528,034 | ---- | C] () -- C:\Users\Blubb\Desktop\Oberstdorf-11-2011.wmv
[2011/12/23 03:11:49 | 000,000,000 | ---- | C] () -- C:\Users\Blubb\defogger_reenable
[2011/12/20 13:30:58 | 002,008,352 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG
[2011/12/08 21:31:28 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/17 17:21:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/08/17 17:21:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/07/08 20:28:06 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/06/10 14:25:13 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\AppData\Roaming\GhostObjGAFix.xml
[2011/05/29 03:43:33 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/29 03:43:33 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/22 16:27:42 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/21 16:42:01 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011/04/21 15:57:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/06 04:32:35 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/09/21 18:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2011/12/30 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2012/01/04 23:46:57 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2012/01/04 22:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job
[2012/01/04 22:32:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job
[2011/12/05 21:24:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/09/30 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Adobe
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/07/25 21:35:33 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Apple Computer
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2011/08/17 17:22:56 | 000,000,000 | R--D | M] -- C:\Users\Blubb\AppData\Roaming\Brother
[2011/12/30 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2012/01/04 17:21:11 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Corel
[2011/05/14 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\CyberLink
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2011/10/21 13:57:31 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Hewlett-Packard
[2011/12/30 14:16:55 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HP Support Assistant
[2011/10/21 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\hpqLog
[2011/12/30 14:16:55 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HpUpdate
[2012/01/04 23:46:57 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/04/21 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Identities
[2011/08/17 17:21:00 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\InstallShield
[2011/04/21 16:05:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Intel Corporation
[2011/04/06 04:37:02 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Macromedia
[2011/05/30 02:30:16 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Media Center Programs
[2011/12/23 11:12:28 | 000,000,000 | --SD | M] -- C:\Users\Blubb\AppData\Roaming\Microsoft
[2011/05/27 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Mozilla
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2012/01/03 15:21:03 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Skype
[2011/12/28 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2011/04/22 15:46:12 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/04/21 18:14:13 | 000,010,134 | R--- | M] () -- C:\Users\Blubb\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009/06/25 15:06:52 | 000,001,024 | ---- | M] () MD5=231CD46A29C26A58BDE1C7146B702399 -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\DRV\Storage\Intel\RST\9.6\x64\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/04/06 05:08:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011/04/06 05:08:57 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/04/06 05:08:57 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/04/06 05:08:57 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus 05.01.2012 10:35
Hm, Toolbars seh ich keine, die ich als erstes in Verdacht hatte. Bleiben noch diese Verdächtigen:

- PDF Complete (wohl eher nicht, brauchst das noch?)
- EasyBits Software (brauchste das auch?)
- WildTangent Games (war wohl von HP vorinstalliert, ich bruach solche Spiele wirklich nicht :D)
- Facebookupdate :wtf:

Zitat:
PRC - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

SRV - [2010/06/19 02:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

O4 - HKCU..\Run: [Facebook Update] C:\Users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

interaktion 05.01.2012 15:13
Zitat:
Zitat von cosinus (Beitrag 748071)
Hm, Toolbars seh ich keine, die ich als erstes in Verdacht hatte. Bleiben noch diese Verdächtigen:

- PDF Complete (wohl eher nicht, brauchst das noch?)
- EasyBits Software (brauchste das auch?)
- WildTangent Games (war wohl von HP vorinstalliert, ich bruach solche Spiele wirklich nicht :D)
- Facebookupdate :wtf:

Ja, dieses Facebookupdate kommt mir schon von Anfang an seltsam vor (ich hatte es in dem ersten OTL-Log schon entdeckt, glaube ich mich zu erinnern). Keine Ahnung, was das ist. Lass uns das mal entfernen!

PDF Complete: Keine Ahnung, was das ist. Ich dachte immer, das wäre so ein zusätzliches Ding, damit ich die Folien angucken kann, die ich für die Uni so brauche. Ach, lass es uns einfach ma entfernen. Ich merke dann ja, wenn ich etwas nicht mehr öffnen kann. ;)

Was aber auch sein kann, ist, dass das einfach mit meiner Microsoft Office Version mit drauf kam... Bin mir aber nicht sicher?


EasyBits Software: Was ist das? Keine Ahnung! Glaub nicht... Ist aber, denke ich, was von HP vorinstalliertes.

WildTangentGames: Spinnst du?! Das ist mein absolutes Lieblingsspiel, ich brauche das! :D Nein, kann weg ;)

cosinus 05.01.2012 15:57
Ja dann deinstallier erstmal diesen ganzen Schrott.
Beobachte mit Malwarebytes. Egal ob die IP von MBAM wieder geblockt wird oder nicht, neues OTL-CustomScan-Log erstellen und posten (mit CODE-Tags)

interaktion 05.01.2012 16:37
Facebook-Update: Fand unter "Programme und Funktionen" nur diesen Video-Installer (bei Facebook gibts ja rein theoretisch mittlerweile eine Webcam-Option, die aber nie funktioniert). Die hatte ich mal installiert. Habe sie deinstalliert.

Easybits: Die gesamte Software heißt "Easybits for Kids" und ist wohl von HP vorinstalliert. Ich fand zur Deinstallation nur eine, die "Magic Desktop" heißt, die habe ich entfernt. Der Rest ist noch da. *seufz

PDF Complete: Auch von HP vorinstalliert. Habe es entfernt.

WildtangentGames: Weg.

CCleaner drüber.

Log:

Code:
OTL logfile created on: 1/5/2012 4:20:35 PM - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Blubb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.87 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 70.11% Memory free
11.73 Gb Paging File | 9.83 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.55 Gb Total Space | 731.29 Gb Free Space | 79.70% Space Free | Partition Type: NTFS
Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Drive E: | 677.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
PRC - [2011/10/09 16:02:22 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/29 19:46:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 08:06:52 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 08:01:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 08:01:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 08:01:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 08:00:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 08:00:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 08:00:55 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 08:00:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/06 04:54:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/05/19 05:37:01 | 000,409,672 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/03/24 11:43:38 | 002,299,656 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV:64bit: - [2010/03/12 15:42:40 | 000,393,728 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2009/10/19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. hxxp://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/24 13:13:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/28 19:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/05/19 05:37:12 | 000,089,680 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/22 02:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/22 13:57:54 | 000,347,336 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2010/01/29 13:47:04 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2011/12/29 17:19:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863EC08-5BA9-4F6F-A3E8-A201DB2FFA90}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED421C8-E781-4DF8-8530-40B09201897C}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/22 16:17:27 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/05 16:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\Documents\FILSHtray
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\FILSH_Media_GmbH
[2011/12/29 23:04:21 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Blubb\Desktop\aswMBR.exe
[2011/12/29 17:19:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/29 17:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 17:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 17:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 17:12:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 17:12:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 17:10:42 | 004,356,248 | R--- | C] (Swearware) -- C:\Users\Blubb\Desktop\ComboFix.exe
[2011/12/29 14:26:33 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Blubb\Desktop\tdsskiller.exe
[2011/12/29 01:33:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/28 19:55:38 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/28 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/28 19:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/28 19:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/28 16:25:39 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/12/28 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/28 16:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/27 02:18:45 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\WMTools Downloaded Files
[2011/12/27 01:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/12/27 01:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/12/27 01:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/12/27 01:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/12/27 01:39:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/12/27 00:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2011/12/27 00:47:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/12/26 23:11:00 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011/12/26 23:09:54 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/12/26 23:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/12/26 23:03:33 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\Windows Live
[2011/12/23 20:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/23 15:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/23 15:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/23 03:23:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2011/12/12 17:15:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/12/12 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/08 21:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/08 21:31:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/12/08 21:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/05 14:18:54 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 14:18:54 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 14:15:52 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/05 14:15:52 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/01/05 14:15:52 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/05 14:15:52 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/01/05 14:15:52 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/05 14:11:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 14:10:59 | 429,191,167 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 02:28:37 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2012/01/05 02:04:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLUBB-NEU$.job
[2012/01/05 01:32:05 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job
[2012/01/04 22:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job
[2012/01/04 17:21:11 | 000,337,577 | ---- | M] () -- C:\Users\Blubb\Desktop\Image2.jpg
[2012/01/04 17:09:22 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/04 17:09:22 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/02 23:49:45 | 000,071,108 | ---- | M] () -- C:\Users\Blubb\Desktop\471006d9-52111194.jpg
[2012/01/02 23:30:16 | 002,158,588 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0451.JPG
[2012/01/02 17:30:41 | 000,001,207 | ---- | M] () -- C:\Users\Blubb\Desktop\cmd.lnk
[2012/01/02 16:17:54 | 000,086,480 | ---- | M] () -- C:\Users\Blubb\Desktop\Image1.jpg
[2012/01/01 22:07:29 | 000,001,854 | ---- | M] () -- C:\Users\Blubb\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/30 20:02:49 | 000,013,579 | ---- | M] () -- C:\Users\Blubb\Desktop\term.odt
[2011/12/30 17:51:14 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlubb.job
[2011/12/29 23:04:28 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Blubb\Desktop\aswMBR.exe
[2011/12/29 19:45:39 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/29 17:19:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/29 17:11:02 | 004,356,248 | R--- | M] (Swearware) -- C:\Users\Blubb\Desktop\ComboFix.exe
[2011/12/29 14:26:38 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Blubb\Desktop\tdsskiller.exe
[2011/12/28 20:53:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 16:28:52 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/28 16:28:51 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/28 16:25:40 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/27 14:08:34 | 002,350,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/27 02:10:39 | 000,003,584 | ---- | M] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:50:11 | 000,003,029 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
[2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2011/12/23 03:11:49 | 000,000,000 | ---- | M] () -- C:\Users\Blubb\defogger_reenable
[2011/12/20 13:29:13 | 002,008,352 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/08 21:31:28 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/08 10:57:08 | 154,528,034 | ---- | M] () -- C:\Users\Blubb\Desktop\Oberstdorf-11-2011.wmv
 
========== Files Created - No Company Name ==========
 
[2012/01/04 17:21:10 | 000,337,577 | ---- | C] () -- C:\Users\Blubb\Desktop\Image2.jpg
[2012/01/02 23:55:12 | 000,071,108 | ---- | C] () -- C:\Users\Blubb\Desktop\471006d9-52111194.jpg
[2012/01/02 23:29:50 | 002,158,588 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0451.JPG
[2012/01/02 17:30:36 | 000,001,207 | ---- | C] () -- C:\Users\Blubb\Desktop\cmd.lnk
[2012/01/01 22:07:19 | 000,086,480 | ---- | C] () -- C:\Users\Blubb\Desktop\Image1.jpg
[2011/12/30 20:02:46 | 000,013,579 | ---- | C] () -- C:\Users\Blubb\Desktop\term.odt
[2011/12/29 17:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 17:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 17:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 17:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 17:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/28 20:53:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 19:55:21 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/28 19:04:05 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/28 16:25:40 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/27 02:10:39 | 000,003,584 | ---- | C] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:51:13 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2011/12/27 00:50:11 | 000,003,029 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
[2011/12/26 23:01:36 | 154,528,034 | ---- | C] () -- C:\Users\Blubb\Desktop\Oberstdorf-11-2011.wmv
[2011/12/23 03:11:49 | 000,000,000 | ---- | C] () -- C:\Users\Blubb\defogger_reenable
[2011/12/20 13:30:58 | 002,008,352 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG
[2011/12/08 21:31:28 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/17 17:21:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/08/17 17:21:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/07/08 20:28:06 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/06/10 14:25:13 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\AppData\Roaming\GhostObjGAFix.xml
[2011/05/29 03:43:33 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/29 03:43:33 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/22 16:27:42 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/21 16:42:01 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011/04/21 15:57:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/06 04:32:35 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/09/21 18:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2011/12/30 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2012/01/05 16:20:25 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2012/01/04 22:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job
[2012/01/05 01:32:05 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job
[2011/12/05 21:24:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/09/30 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Adobe
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/07/25 21:35:33 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Apple Computer
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2011/08/17 17:22:56 | 000,000,000 | R--D | M] -- C:\Users\Blubb\AppData\Roaming\Brother
[2011/12/30 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2012/01/04 17:21:11 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Corel
[2011/05/14 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\CyberLink
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2011/10/21 13:57:31 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Hewlett-Packard
[2011/12/30 14:16:55 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HP Support Assistant
[2011/10/21 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\hpqLog
[2011/12/30 14:16:55 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HpUpdate
[2012/01/05 16:20:25 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/04/21 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Identities
[2011/08/17 17:21:00 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\InstallShield
[2011/04/21 16:05:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Intel Corporation
[2011/04/06 04:37:02 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Macromedia
[2011/05/30 02:30:16 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Media Center Programs
[2012/01/05 16:08:05 | 000,000,000 | --SD | M] -- C:\Users\Blubb\AppData\Roaming\Microsoft
[2011/05/27 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Mozilla
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2012/01/03 15:21:03 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Skype
[2011/12/28 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2011/04/22 15:46:12 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/04/21 18:14:13 | 000,010,134 | R--- | M] () -- C:\Users\Blubb\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009/06/25 15:06:52 | 000,001,024 | ---- | M] () MD5=231CD46A29C26A58BDE1C7146B702399 -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\DRV\Storage\Intel\RST\9.6\x64\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/04/06 05:08:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011/04/06 05:08:57 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/04/06 05:08:57 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/04/06 05:08:57 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
Wird immer noch geblockt :(...

cosinus 05.01.2012 16:47
Easybits und Facebookupdate ist aber noch im Log zu sehen...

interaktion 05.01.2012 17:28
Ich weiß nicht, wie ich es noch entfernen soll.... :(

Help me!

cosinus 05.01.2012 21:15
Ist ja schon gut, ich dachte du hast es vergessen oder übersehen :rofl:


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/4
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [Facebook Update] C:\Users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
:Files
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Users\Blubb\AppData\Local\Facebook
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

interaktion 05.01.2012 22:54
Hier:

Code:
All processes killed
========== OTL ==========
Process ezSharedSvcHost.exe killed successfully!
No active process named ezSharedSvcHost.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update not found.
File C:\Users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe not found.
========== FILES ==========
C:\Windows\SysWOW64\ezSharedSvcHost.exe moved successfully.
C:\Users\Blubb\AppData\Local\Facebook\Video\Common\fb#3aac6r0lhhjbdq30hyhf4yngpa8_y_1fl4v_hjekp3qhnbudtpjglk4ja33b_9rpftsme folder moved successfully.
C:\Users\Blubb\AppData\Local\Facebook\Video\Common folder moved successfully.
C:\Users\Blubb\AppData\Local\Facebook\Video folder moved successfully.
C:\Users\Blubb\AppData\Local\Facebook\CrashReports folder moved successfully.
C:\Users\Blubb\AppData\Local\Facebook folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Blubb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 147450331 bytes
->Java cache emptied: 59774 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2524 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7046 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 325 bytes
 
Total Files Cleaned = 141.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01052012_224720

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Mein PC heißt wirklich "Blubb" :D

Wird immer noch die IP geblockt :(...

cosinus 05.01.2012 23:05
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

interaktion 06.01.2012 19:36
Code:
OTL logfile created on: 1/6/2012 7:09:33 PM - Run 5
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Blubb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.87 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 70.29% Memory free
11.73 Gb Paging File | 9.91 Gb Available in Paging File | 84.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.55 Gb Total Space | 729.36 Gb Free Space | 79.49% Space Free | Partition Type: NTFS
Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Drive E: | 677.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/29 19:46:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 08:06:52 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 08:01:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 08:01:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 08:01:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 08:00:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 08:00:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 08:00:55 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 08:00:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/05/19 05:37:01 | 000,409,672 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/03/24 11:43:38 | 002,299,656 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV:64bit: - [2010/03/12 15:42:40 | 000,393,728 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2009/10/19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. hxxp://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/24 13:13:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/28 19:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/05/19 05:37:12 | 000,089,680 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/22 02:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/22 13:57:54 | 000,347,336 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2010/01/29 13:47:04 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2012/01/05 22:48:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863EC08-5BA9-4F6F-A3E8-A201DB2FFA90}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED421C8-E781-4DF8-8530-40B09201897C}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/22 16:17:27 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/05 16:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\Documents\FILSHtray
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\FILSH_Media_GmbH
[2011/12/29 23:04:21 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\Blubb\Desktop\aswMBR.exe
[2011/12/29 17:19:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/29 17:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 17:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 17:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 17:12:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 17:12:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 17:10:42 | 004,356,248 | R--- | C] (Swearware) -- C:\Users\Blubb\Desktop\ComboFix.exe
[2011/12/29 14:26:33 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Blubb\Desktop\tdsskiller.exe
[2011/12/29 01:33:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/28 19:55:38 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/28 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/28 19:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/28 19:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/28 16:25:39 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/12/28 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/28 16:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/27 02:18:45 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\WMTools Downloaded Files
[2011/12/27 01:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/12/27 01:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/12/27 01:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/12/27 01:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/12/27 01:39:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/12/27 00:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2011/12/27 00:47:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/12/26 23:11:00 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011/12/26 23:09:54 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/12/26 23:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/12/26 23:03:33 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\Windows Live
[2011/12/23 20:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/23 15:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/23 15:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/23 03:23:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2011/12/12 17:15:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/12/12 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/08 21:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/08 21:31:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/12/08 21:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/06 14:42:01 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 14:42:01 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 14:38:58 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/06 14:38:58 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/01/06 14:38:58 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/06 14:38:58 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/01/06 14:38:58 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/06 14:34:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/06 14:34:33 | 429,191,167 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/06 05:50:01 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2012/01/05 22:48:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/01/05 02:04:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLUBB-NEU$.job
[2012/01/04 17:21:11 | 000,337,577 | ---- | M] () -- C:\Users\Blubb\Desktop\Image2.jpg
[2012/01/04 17:09:22 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/04 17:09:22 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/02 23:49:45 | 000,071,108 | ---- | M] () -- C:\Users\Blubb\Desktop\471006d9-52111194.jpg
[2012/01/02 23:30:16 | 002,158,588 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0451.JPG
[2012/01/02 17:30:41 | 000,001,207 | ---- | M] () -- C:\Users\Blubb\Desktop\cmd.lnk
[2012/01/02 16:17:54 | 000,086,480 | ---- | M] () -- C:\Users\Blubb\Desktop\Image1.jpg
[2012/01/01 22:07:29 | 000,001,854 | ---- | M] () -- C:\Users\Blubb\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/30 20:02:49 | 000,013,579 | ---- | M] () -- C:\Users\Blubb\Desktop\term.odt
[2011/12/30 17:51:14 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlubb.job
[2011/12/29 23:04:28 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\Blubb\Desktop\aswMBR.exe
[2011/12/29 19:45:39 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/29 17:11:02 | 004,356,248 | R--- | M] (Swearware) -- C:\Users\Blubb\Desktop\ComboFix.exe
[2011/12/29 14:26:38 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Blubb\Desktop\tdsskiller.exe
[2011/12/28 20:53:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 16:28:52 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/28 16:28:51 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/28 16:25:40 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/27 14:08:34 | 002,350,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/27 02:10:39 | 000,003,584 | ---- | M] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:50:11 | 000,003,029 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
[2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2011/12/23 03:11:49 | 000,000,000 | ---- | M] () -- C:\Users\Blubb\defogger_reenable
[2011/12/20 13:29:13 | 002,008,352 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/08 21:31:28 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/08 10:57:08 | 154,528,034 | ---- | M] () -- C:\Users\Blubb\Desktop\Oberstdorf-11-2011.wmv
 
========== Files Created - No Company Name ==========
 
[2012/01/04 17:21:10 | 000,337,577 | ---- | C] () -- C:\Users\Blubb\Desktop\Image2.jpg
[2012/01/02 23:55:12 | 000,071,108 | ---- | C] () -- C:\Users\Blubb\Desktop\471006d9-52111194.jpg
[2012/01/02 23:29:50 | 002,158,588 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0451.JPG
[2012/01/02 17:30:36 | 000,001,207 | ---- | C] () -- C:\Users\Blubb\Desktop\cmd.lnk
[2012/01/01 22:07:19 | 000,086,480 | ---- | C] () -- C:\Users\Blubb\Desktop\Image1.jpg
[2011/12/30 20:02:46 | 000,013,579 | ---- | C] () -- C:\Users\Blubb\Desktop\term.odt
[2011/12/29 17:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 17:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 17:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 17:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 17:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/28 20:53:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 19:55:21 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/28 19:04:05 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/12/28 16:25:40 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/27 02:10:39 | 000,003,584 | ---- | C] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:51:13 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2011/12/27 00:50:11 | 000,003,029 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
[2011/12/26 23:01:36 | 154,528,034 | ---- | C] () -- C:\Users\Blubb\Desktop\Oberstdorf-11-2011.wmv
[2011/12/23 03:11:49 | 000,000,000 | ---- | C] () -- C:\Users\Blubb\defogger_reenable
[2011/12/20 13:30:58 | 002,008,352 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG
[2011/12/08 21:31:28 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/17 17:21:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/08/17 17:21:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/07/08 20:28:06 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/06/10 14:25:13 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\AppData\Roaming\GhostObjGAFix.xml
[2011/05/29 03:43:33 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/29 03:43:33 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/22 16:27:42 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/21 16:42:01 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011/04/21 15:57:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/06 04:32:35 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/09/21 18:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2011/12/30 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2012/01/06 19:09:07 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2011/12/05 21:24:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/09/30 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Adobe
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/07/25 21:35:33 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Apple Computer
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2011/08/17 17:22:56 | 000,000,000 | R--D | M] -- C:\Users\Blubb\AppData\Roaming\Brother
[2011/12/30 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2012/01/04 17:21:11 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Corel
[2011/05/14 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\CyberLink
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2011/10/21 13:57:31 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Hewlett-Packard
[2011/12/30 14:16:55 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HP Support Assistant
[2011/10/21 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\hpqLog
[2011/12/30 14:16:55 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HpUpdate
[2012/01/06 19:09:07 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/04/21 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Identities
[2011/08/17 17:21:00 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\InstallShield
[2011/04/21 16:05:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Intel Corporation
[2011/04/06 04:37:02 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Macromedia
[2011/05/30 02:30:16 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Media Center Programs
[2012/01/05 16:08:05 | 000,000,000 | --SD | M] -- C:\Users\Blubb\AppData\Roaming\Microsoft
[2011/05/27 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Mozilla
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2012/01/06 19:09:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Skype
[2011/12/28 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2011/04/22 15:46:12 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/04/21 18:14:13 | 000,010,134 | R--- | M] () -- C:\Users\Blubb\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009/06/25 15:06:52 | 000,001,024 | ---- | M] () MD5=231CD46A29C26A58BDE1C7146B702399 -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\DRV\Storage\Intel\RST\9.6\x64\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/04/06 05:08:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011/04/06 05:08:57 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/04/06 05:08:57 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/04/06 05:08:57 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus 06.01.2012 19:48
Blockt Malwarebytes immer noch?

interaktion 06.01.2012 20:36
Ja :( Immer noch :(

cosinus 06.01.2012 21:07
Hm, keine Ahnung welches Programm das verursacht :(

interaktion 06.01.2012 21:10
Zitat:
Zitat von cosinus (Beitrag 749583)
Hm, keine Ahnung welches Programm das verursacht :(
Und nu? :(

:party: ?

cosinus 06.01.2012 21:21
Naja, man könnte die IP "sperren" aber das ist ja auch nur Symptombekämpfung.
Und außerdem blockiert MBAM die ja bereits.

Man müsste irgendwie mal rausfinden was genau da diese IP ansteuert. Da es immer svchost.exe ist die darauf will müsstest du mal mit dem Svchost Process Analyzer - a svchost.exe file checker ran und dein Glück probieren. Eine Anleitung dazu kann ich jetzt aber nicht posten

interaktion 06.01.2012 21:57
Warum gibts da keinen Log? Warum kann ich keine Bilder einstellen? :( Och mann. Ich finde da doch NIE etwas...

Malwarebytes wird die IP in einigen Tagen nicht mehr blocken. Dann ist nämlich die Testversion abgelaufen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:54 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131