Trojaner-Board - Computer - langsames Hochfahren

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Computer - langsames Hochfahren (https://www.trojaner-board.de/111271-computer-langsames-hochfahren.html)

Computer - langsames Hochfahren

Seit einiger Zeit fällt mir auf, dass mein PC länger braucht beim Hochfahren als früher. Es hat mich bisher nicht gar so gestört, weil ich ihn meistens nur in den Ruheszustand schicke.
Ich habe nach eurer Board-Anweisung mit defogger, dds, und gmer gescannt. Die Logs befinden sich im Anhang. Bitte schaut euch die bitte mal an, ob da wirklich was dabei ist was mein pc bremst.
Hinweis: Den Button aus dem Hinweisfenster defogger "Re-enable" habe ich noch nicht gedrückt. Kann ich das jetzt machen?

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo Arne,

Zunächst noch die offene Frage aus meinen Thread-Start:
Kann ich in dem noch offenen Fenster aus „defogger“ jetzt schon den „Re-enable-Button“ wieder drücken?

Hier die Logs aus Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org
 

Datenbank Version: 7435
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514
 

11.08.2011 17:40:57

mbam-log-2011-08-11 (17-40-57).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Durchsuchte Objekte: 287953

Laufzeit: 59 Minute(n), 30 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 8010
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514
 

24.10.2011 15:59:07

mbam-log-2011-10-24 (15-59-06).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|S:\|)

Durchsuchte Objekte: 313164

Laufzeit: 1 Stunde(n), 4 Minute(n), 5 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 8403
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421
 

20.12.2011 17:47:25

mbam-log-2011-12-20 (17-47-25).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|K:\|S:\|)

Durchsuchte Objekte: 334267

Laufzeit: 1 Stunde(n), 42 Minute(n), 18 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.03.07
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Hubert :: HUBERT-PC [Administrator]
 

03.02.2012 17:20:05

mbam-log-2012-02-03 (17-20-05).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 359111

Laufzeit: 1 Stunde(n), 41 Minute(n), 48 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.15.02
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Hubert :: HUBERT-PC [Administrator]
 

15.03.2012 12:06:57

mbam-log-2012-03-15 (12-06-57).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 343265

Laufzeit: 1 Stunde(n), 28 Minute(n), 57 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Hier das Log von Esetsmartinstaller:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=af399aa4c93fd04cb0829d67a24ad3ab

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-13 02:23:20

# local_time=2011-07-13 04:23:20 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 15815221 15815221 0 0

# compatibility_mode=1797 16775165 100 94 2478 47097127 0 0

# compatibility_mode=5893 16776573 100 94 946523 62191462 0 0

# compatibility_mode=7937 16777213 100 100 866341 21912223 0 0

# compatibility_mode=8192 67108863 100 0 116 116 0 0

# scanned=159573

# found=0

# cleaned=0

# scan_time=6728

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=af399aa4c93fd04cb0829d67a24ad3ab

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-03-15 07:06:51

# local_time=2012-03-15 08:06:51 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 37084097 37084097 0 0

# compatibility_mode=1797 16775166 100 94 20577235 68366003 20138396 0

# compatibility_mode=5893 16776573 100 94 97365 83460338 0 0

# compatibility_mode=8192 67108863 100 0 21265392 21265392 0 0

# scanned=165257

# found=4

# cleaned=0

# scan_time=9263

C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll        Variante von Win32/Toolbar.SearchSuite Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I

K:\Hubert\Eigene Dokumente\PC - dies und das\Live Mail\eicar_com - Testvirus.zip        Eicar Testdatei (Säubern nicht möglich)        00000000000000000000000000000000        I

S:\Datensicherungen\SyncBack\Eigene Dokumente\Internet-downloads\SoftonicDownloader_fuer_kaspersky-tdsskiller.exe        Variante von Win32/SoftonicDownloader.A Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I

S:\Datensicherungen\SyncBack\Eigene Dokumente\PC - dies und das\Live Mail\eicar_com - Testvirus.zip        Eicar Testdatei (Säubern nicht möglich)        00000000000000000000000000000000        I

Gruß
Hubert

Zitat:

S:\Datensicherungen\SyncBack\Eigene Dokumente\Internet-downloads\SoftonicDownloader_fuer_kaspersky-tdsskiller.exe

Was hast du da schon mit dem TDSS-Killer angestellt?! Das Tool ist nicht mal eben so da um alle von ihm gefundenen Objekte zu löschen man muss schon genau wissen welche Funde man damit entfernt und welche man besser lässt!
Und warum hast du das bei dieser Toolbar und Adwareklitsche Softonic runtergeladen?! :balla:
Software lädt man sich bevorzugt direkt von der Herstellerseite oder notfalls von chip.de!

Den TDSS-Killer hatte ich nur einmal im Einsatz. Undzwar auf deine Veranlassung, als du mir letztes Jahr schon mal geholfen hast, meinen MBR wieder herzustellen! Seit dem steht er nur so rum.
Kann das etwa der Grund für das "langsame Hochfahren" sein?

Zitat:

Zunächst noch die offene Frage aus meinen Thread-Start:
Kann ich in dem noch offenen Fenster aus „defogger“ jetzt schon den „Re-enable-Button“ wieder drücken?

Und was soll ich damit machen?

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL-log:

Code:

OTL logfile created on: 17.03.2012 17:20:24 - Run 2

OTL by OldTimer - Version 3.2.25.0     Folder = K:\Hubert\Eigene Dokumente\PC - dies und das\OTL

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,93 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 65,16% Memory free

5,87 Gb Paging File | 4,50 Gb Available in Paging File | 76,69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 270,01 Gb Total Space | 236,87 Gb Free Space | 87,73% Space Free | Partition Type: NTFS

Drive D: | 19,99 Gb Total Space | 9,52 Gb Free Space | 47,63% Space Free | Partition Type: NTFS

Drive F: | 111,79 Gb Total Space | 18,10 Gb Free Space | 16,19% Space Free | Partition Type: NTFS

Drive K: | 34,67 Gb Total Space | 29,61 Gb Free Space | 85,40% Space Free | Partition Type: NTFS

Drive S: | 139,99 Gb Total Space | 67,73 Gb Free Space | 48,38% Space Free | Partition Type: NTFS

 

Computer Name: HUBERT-PC | User Name: Hubert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.11 15:06:08 | 000,050,477 | ---- | M] () -- K:\Hubert\Eigene Dokumente\PC - dies und das\Defogger\Defogger.exe

PRC - [2012.02.23 17:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe

PRC - [2012.02.23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2011.10.02 12:15:02 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe

PRC - [2011.08.19 15:47:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- K:\Hubert\Eigene Dokumente\PC - dies und das\OTL\OTL.exe

PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.09.22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010.06.04 17:59:08 | 000,533,808 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm_tray.exe

PRC - [2010.06.04 17:57:46 | 003,427,312 | ---- | M] (Acronis) -- C:\Programme\Acronis\DriveMonitor\adm.exe

PRC - [2009.11.12 13:50:00 | 003,342,336 | ---- | M] (Sentelic Corporation) -- C:\Programme\FSP\FspUip.exe

PRC - [2009.10.31 05:48:40 | 000,661,072 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2009.10.24 06:46:18 | 000,495,728 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe

PRC - [2009.10.24 06:46:18 | 000,225,382 | ---- | M] (IDT, Inc.) -- c:\Programme\IDT\WDM\stacsv.exe

PRC - [2009.08.19 15:42:56 | 000,192,000 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe

PRC - [2009.08.05 16:08:40 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe

PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.03.04 09:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe

PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe

PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2012.02.23 17:23:20 | 000,210,080 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\snxhk.dll

MOD - [2011.08.19 15:47:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- K:\Hubert\Eigene Dokumente\PC - dies und das\OTL\OTL.exe

MOD - [2010.11.20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.02.23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011.07.08 07:54:50 | 002,428,968 | ---- | M] (mobile concepts GmbH) [Disabled | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)

SRV - [2011.06.29 12:31:12 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.04.27 11:24:38 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.03.10 17:02:32 | 000,435,008 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2011.01.12 17:35:12 | 001,051,968 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.01.12 17:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2010.12.21 13:04:30 | 000,987,704 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)

SRV - [2010.05.31 12:35:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010.01.22 14:06:55 | 002,480,048 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2009.10.31 05:48:40 | 000,661,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2009.10.24 06:46:18 | 000,225,382 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Programme\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2009.03.04 09:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.02.23 17:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.02.23 17:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.02.23 17:10:59 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)

DRV - [2012.02.23 17:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.02.23 17:10:34 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012.02.23 17:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.06.29 12:31:13 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.06.29 12:31:13 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.12.03 10:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)

DRV - [2010.07.15 07:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)

DRV - [2010.07.15 07:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010.04.26 16:22:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)

DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)

DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2010.01.22 14:06:57 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)

DRV - [2010.01.22 14:06:52 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)

DRV - [2010.01.22 14:06:46 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2010.01.22 14:06:33 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2009.11.12 13:50:00 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\fspad_wlh32.sys -- (fspad_wlh32)

DRV - [2009.10.24 06:46:18 | 000,421,376 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009.09.28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009.07.30 15:11:40 | 001,488,096 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)

DRV - [2009.07.20 19:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009.07.14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)

DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009.07.10 06:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)

DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF)

DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)

DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2003.09.19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com

IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]

IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]

IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/413

IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.10.26 10:01:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.20 13:53:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.14 14:32:05 | 000,000,000 | ---D | M]

 

[2011.12.05 10:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Extensions

[2012.03.17 09:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions

[2011.12.05 10:18:52 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2012.03.10 14:49:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2011.06.29 09:42:13 | 000,000,000 | ---D | M] ("Biet-O-Matic Firefox Erweiterung") -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}

[2012.01.10 11:29:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012.02.11 14:26:37 | 000,000,000 | ---D | M] (CsFire) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\csfire@cs.kuleuven.be

[2011.07.05 16:21:02 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\googlesharing@extension.thoughtcrime.org

[2011.06.29 09:42:11 | 000,000,000 | ---D | M] (HTML5 Extension for Windows Media Player Plug-in) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack

[2012.03.17 09:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\staged

[2011.06.29 09:42:12 | 000,000,000 | ---D | M] (WiseCleaner Toolbar) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com

[2011.07.05 16:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\googlesharing@extension.thoughtcrime.org\chrome

[2011.07.05 16:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\googlesharing@extension.thoughtcrime.org\components

[2011.07.05 16:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\googlesharing@extension.thoughtcrime.org\defaults

[2010.05.05 07:43:28 | 000,002,424 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\searchplugins\askcom.xml

[2012.03.14 14:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.14 14:32:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

File not found (No name found) -- 

[2012.03.14 14:32:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\{39952C40-5197-11DA-8CD6-0800200C9A66}.XPI

() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI

() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI

() (No name found) -- C:\USERS\HUBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM11BATF.DEFAULT\EXTENSIONS\ITRANS@TENSHI.XPI

[2012.02.20 13:53:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.03.14 14:31:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[1999.12.31 16:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

[2012.02.03 16:36:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.03 16:36:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

[2012.02.03 16:36:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.03 16:36:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.03 16:36:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.03 16:36:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.07.05 16:10:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [adm_tray.exe] C:\Programme\Acronis\DriveMonitor\adm_tray.exe (Acronis)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DATAMNGR] C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)

O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [MPlayerForWindows_UpdateReminder] C:\Program Files\MPlayer für Windows\AutoUpdate.exe ()

O4 - HKLM..\Run: [SimpleScreenshot] C:\Programme\SSS\SimpleScreenshot.exe (Mirko Böer)

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Users^Hubert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Users^Hubert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Shoot'n Save.lnk - C:\Programme\ShootnSave\ShootnSave.exe - ()

MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

MsConfig - StartUpReg: MDS_Menu - hkey= - key= - C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

MsConfig - StartUpReg: SpywareTerminator - hkey= - key= -  File not found

MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig - StartUpReg: YouCam Mirror Tray icon - hkey= - key= - C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 2

 

SafeBootMin: AppMgmt -  File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt -  File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()

Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT         

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.17 10:04:01 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{A1595D12-BAA0-41E6-AE43-E2C6B36D0AF3}

[2012.03.17 10:03:40 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{5E525BC7-4D2D-45B7-ADB5-99FFC2EB4660}

[2012.03.15 11:04:47 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{45C287F2-AECE-418E-ABAE-4113E7A3D5FA}

[2012.03.15 11:04:33 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{97E4E008-C7E7-4C7B-B351-F1D30C487106}

[2012.03.14 14:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.03.14 09:21:14 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{0A889D23-FCF6-499D-9ABD-429A7741FDB0}

[2012.03.13 09:44:27 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{0701B966-F9A2-464B-9D5D-A877B6C0AA8F}

[2012.03.13 09:44:15 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{407069C8-B636-485A-83FA-63095A5A078D}

[2012.03.12 08:44:17 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{1B385508-10CD-4C6A-8DB4-80C967048E76}

[2012.03.12 08:43:30 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{B20437A0-EAA7-49BD-B30A-F62E74A5BB4F}

[2012.03.11 18:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.03.11 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{8D087669-E156-471D-A138-81CF75EF95AC}

[2012.03.11 14:22:51 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{EEDB4932-E36C-4792-9606-4283190CE296}

[2012.03.10 14:42:10 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Roaming\gnupg

[2012.03.10 08:11:21 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{8FAAA3BA-689A-4273-92F8-97DF6E20311A}

[2012.03.10 08:11:07 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{48FCCB6C-D7DF-4E6F-AD92-A0BD162821B6}

[2012.03.08 12:24:00 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{4619FFEE-331F-4448-A60B-2EAF7F207854}

[2012.03.08 12:23:35 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{14F67779-71DD-46EC-9DF4-CD33BFC39656}

[2012.03.07 13:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPlayer für Windows

[2012.03.07 13:38:45 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\MPlayer

[2012.03.07 13:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\MPlayer für Windows

[2012.03.07 12:28:17 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{F0504B68-C7CA-432A-B7DD-128BE045ABE8}

[2012.03.07 12:27:49 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{9A1A2477-7403-4D54-A064-66F04835E610}

[2012.03.06 15:15:49 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{149B2559-4E42-447C-83CF-222E8431531A}

[2012.03.06 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{14DCA768-B020-4309-B6D4-9EBDBD893570}

[2012.03.05 16:18:24 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{7E791293-3658-4F32-8119-81B92972799A}

[2012.03.05 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{D9D37A1E-4268-43B6-B3CF-4F8E72C165B8}

[2012.02.29 13:45:25 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{54250811-BB16-4668-86A1-CF413D2B5029}

[2012.02.29 13:45:04 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{CFEDD199-2958-4137-9A0A-1F2F41096F43}

[2012.02.28 11:11:09 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{5DB65100-9E57-4446-95B7-1540CC0CE363}

[2012.02.28 11:10:45 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{E96DB9F6-9BA4-470C-B73A-3622DBD1D6B9}

[2012.02.27 08:43:36 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{3BD39F69-6DC3-4021-A782-2FFAA4939476}

[2012.02.27 08:43:13 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{0FA223F2-BAC6-4F17-B2C0-2C75F59E87CA}

[2012.02.26 15:12:29 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{0AF5C90C-3A28-42B9-BD3B-44672E146250}

[2012.02.26 15:12:15 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{4D6BD6A4-C64E-4AF5-8DC9-C70FDCA86798}

[2012.02.25 09:09:29 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{4E4E4243-A47C-4DE1-A955-37E362FF282E}

[2012.02.25 09:09:17 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{DADA3F3D-C339-4C83-A6DC-EF68DA96616D}

[2012.02.24 13:47:35 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2012.02.24 08:00:59 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{1115085B-DDFC-47F0-9B2B-80356850B8BA}

[2012.02.24 08:00:38 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{67BDDC81-2F0B-4C84-95D8-7A5174F2F63C}

[2012.02.23 07:07:38 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{334C9CDA-0DA9-4321-88ED-767B51411E8B}

[2012.02.23 07:06:59 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{8492A0E5-3DCE-4838-ACAC-42F5A6B430CC}

[2012.02.22 09:09:56 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{6F088B8E-B861-4049-853F-F4945EF0735B}

[2012.02.22 09:09:17 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{669BF570-ADD7-4DFB-AC14-3D609FA76D39}

[2012.02.21 10:20:46 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{EE904A08-5057-4ACC-AFF7-E78FB8E77182}

[2012.02.21 10:20:09 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{4E0B2FDD-943A-404E-9E52-DDD7BDE52224}

[2012.02.20 13:15:44 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{958E1B63-3406-41E2-AC55-0369C8234F24}

[2012.02.20 13:15:31 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{AA978DE3-5EC3-491B-A820-8D8AFAFA08FC}

[2012.02.19 12:34:12 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{142476A4-48D6-46F0-A844-C1739ED760B1}

[2012.02.19 12:33:57 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{7EFC7D26-6B3C-4DC8-9D4D-7BCABC462930}

[2012.02.18 16:43:31 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{1E8CBDC3-D813-4346-8F2E-2BC77E0E1D6D}

[2012.02.18 16:42:48 | 000,000,000 | ---D | C] -- C:\Users\Hubert\AppData\Local\{EF22ACD7-9ADF-4633-A67B-5C2705DAB993}

[2011.02.11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.17 17:00:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.03.17 15:34:37 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2012.03.17 15:34:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.17 09:53:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.03.15 12:01:01 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.03.15 12:01:01 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.03.15 12:01:01 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.03.15 12:01:01 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.03.14 14:47:20 | 000,045,488 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\wklnhst.dat

[2012.03.14 09:21:16 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.14 09:21:16 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.11 15:38:43 | 000,002,853 | ---- | M] () -- C:\Users\Hubert\Desktop\dds.com - Verknüpfung.pif

[2012.03.11 15:34:20 | 000,000,000 | ---- | M] () -- C:\Users\Hubert\defogger_reenable

[2012.03.10 14:43:31 | 2363,125,760 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.07 13:38:49 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\SMPlayer.lnk

[2012.03.07 13:38:49 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\MPUI.lnk

[2012.02.24 13:47:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012.02.23 17:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2012.02.23 17:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2012.02.23 17:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2012.02.23 17:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2012.02.23 17:10:59 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2012.02.23 17:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2012.02.23 17:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2012.02.23 17:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2012.02.18 17:33:08 | 000,422,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

 
 ========== Files Created - No Company Name ==========

 

[2012.03.11 15:38:43 | 000,002,853 | ---- | C] () -- C:\Users\Hubert\Desktop\dds.com - Verknüpfung.pif

[2012.03.11 15:34:20 | 000,000,000 | ---- | C] () -- C:\Users\Hubert\defogger_reenable

[2012.03.07 13:38:49 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\SMPlayer.lnk

[2012.03.07 13:38:49 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\MPUI.lnk

[2011.11.04 15:51:07 | 000,004,608 | ---- | C] () -- C:\Users\Hubert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.11.04 15:50:44 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2011.11.04 15:50:43 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011.11.04 15:50:39 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011.11.04 15:50:39 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011.11.04 15:50:39 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2011.07.05 16:03:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011.07.05 16:03:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011.07.05 16:03:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.07.05 16:03:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.07.05 16:03:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010.08.03 13:09:06 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe

[2010.08.03 13:09:06 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe

[2010.08.03 13:09:06 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll

[2010.08.03 13:09:06 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys

[2010.08.03 13:09:06 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys

[2010.02.22 13:15:33 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll

[2010.02.20 15:16:10 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2010.02.20 15:16:08 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2010.02.20 15:16:08 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2010.02.13 16:37:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2010.02.13 16:37:26 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2010.02.13 16:37:26 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2010.02.13 16:37:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2010.01.24 17:42:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2010.01.24 17:42:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2010.01.24 17:42:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2010.01.24 17:42:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2010.01.24 17:42:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2010.01.24 17:42:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2010.01.24 17:42:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2010.01.24 17:42:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2010.01.24 17:42:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2010.01.24 17:42:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2010.01.24 17:42:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2010.01.24 17:42:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2010.01.24 17:42:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2010.01.24 17:42:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2010.01.24 17:42:16 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2010.01.24 17:24:30 | 000,000,025 | ---- | C] () -- C:\Windows\CDE P34903590GD.ini

[2010.01.24 15:57:49 | 000,006,771 | ---- | C] () -- C:\Windows\hpdj3600.ini

[2010.01.21 16:18:23 | 000,045,488 | ---- | C] () -- C:\Users\Hubert\AppData\Roaming\wklnhst.dat

[2009.12.15 01:45:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2009.11.12 15:56:26 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2009.11.12 15:36:11 | 000,000,548 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat

[2009.11.06 08:21:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll

[2009.11.06 08:12:37 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe

[2009.11.06 08:12:35 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe

[2009.11.06 07:38:06 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe

[2009.11.06 07:36:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2009.11.06 06:46:08 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll

[2009.11.06 06:45:34 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2009.11.06 06:45:32 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin

[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 05:33:53 | 000,422,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

 
 ========== LOP Check ==========

 

[2010.02.24 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Acronis

[2011.12.05 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\AnvSoft

[2011.11.04 15:51:04 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Any Video Editor

[2011.08.13 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\BOM

[2010.03.29 16:08:06 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Canneverbe Limited

[2010.12.20 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Canon

[2011.02.24 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\elsterformular

[2010.10.31 17:10:27 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Engelmann Media

[2010.01.25 17:01:29 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\EPSON

[2011.12.05 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\FreeFLVConverter

[2012.03.10 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\gnupg

[2010.11.29 17:44:38 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\gtk-2.0

[2011.12.04 13:18:04 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\ImgBurn

[2011.03.19 15:48:51 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\IrfanView

[2011.12.06 10:16:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\LibreOffice

[2010.02.14 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\MAGIX

[2010.06.10 15:13:00 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\OpenOffice.org

[2010.02.13 16:37:54 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Panasonic

[2010.11.04 15:43:32 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\PhotoScape

[2012.01.06 16:06:29 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\QTTabBar

[2010.02.24 12:09:55 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Samsung

[2011.04.22 15:17:22 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Simple Sudoku

[2011.03.19 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\SimpleScreenshot

[2010.01.22 13:56:54 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Template

[2010.11.25 15:44:02 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Tracker Software

[2011.03.10 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\TuneUp Software

[2011.01.12 12:07:21 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Windows Live Writer

[2011.11.04 14:21:17 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\XMedia Recode

[2010.09.17 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\XMLmind

[2011.05.11 08:52:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.02.24 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Acronis

[2010.01.22 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Adobe

[2011.12.05 16:42:20 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\AnvSoft

[2011.11.04 15:51:04 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Any Video Editor

[2011.11.30 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Apple Computer

[2010.02.06 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\ArcSoft

[2010.03.27 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Avira

[2011.08.13 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\BOM

[2010.03.29 16:08:06 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Canneverbe Limited

[2010.12.20 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Canon

[2010.03.08 16:32:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Corel

[2011.11.03 18:52:36 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\CyberLink

[2012.01.10 16:28:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\DVD Flick

[2011.02.24 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\elsterformular

[2010.10.31 17:10:27 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Engelmann Media

[2010.01.25 17:01:29 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\EPSON

[2011.12.05 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\FreeFLVConverter

[2012.03.10 14:42:10 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\gnupg

[2010.11.29 17:44:38 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\gtk-2.0

[2010.01.21 14:46:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Identities

[2011.12.04 13:18:04 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\ImgBurn

[2011.03.19 15:48:51 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\IrfanView

[2011.12.06 10:16:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\LibreOffice

[2010.01.22 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Macromedia

[2010.02.14 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\MAGIX

[2010.10.20 15:18:42 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Malwarebytes

[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Media Center Programs

[2012.03.11 18:32:03 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Media Player Classic

[2012.03.07 12:54:16 | 000,000,000 | --SD | M] -- C:\Users\Hubert\AppData\Roaming\Microsoft

[2011.02.06 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Mozilla

[2010.06.10 15:13:00 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\OpenOffice.org

[2010.02.13 16:37:54 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Panasonic

[2010.11.04 15:43:32 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\PhotoScape

[2012.01.06 16:06:29 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\QTTabBar

[2010.02.24 12:09:55 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Samsung

[2011.04.22 15:17:22 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Simple Sudoku

[2011.03.19 15:48:52 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\SimpleScreenshot

[2011.07.12 15:18:28 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\SUPERAntiSpyware.com

[2010.01.22 13:56:54 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Template

[2010.11.25 15:44:02 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Tracker Software

[2011.03.10 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\TuneUp Software

[2011.12.17 13:48:23 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\vlc

[2011.01.12 12:07:21 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Windows Live Writer

[2011.11.04 14:21:17 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\XMedia Recode

[2010.09.17 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\XMLmind

 
 < %APPDATA%\*.exe /s >

[2010.12.15 16:45:36 | 000,605,976 | ---- | M] (Tracker Software Products Ltd.) -- C:\Users\Hubert\AppData\Roaming\Tracker Software\LiveUpdate\Updates\LiveUpdate.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2008.06.06 14:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys

[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com

IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]

IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data]

IE - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/413

[2011.12.05 10:18:52 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2011.06.29 09:42:12 | 000,000,000 | ---D | M] (WiseCleaner Toolbar) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com

[2010.05.05 07:43:28 | 000,002,424 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\searchplugins\askcom.xml

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

OTL-Log:

Code:

All processes killed

========== OTL ==========

HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

HKU\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com\logs folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com\defaults folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com\datastore folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-05-May-2010-06-43-24-GMT folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com\chrome folder moved successfully.

C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\Profiles\dm11batf.default\extensions\toolbar@ask.com folder moved successfully.

C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\dm11batf.default\searchplugins\askcom.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.

C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.

C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.

C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.

C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.

C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.

File WebPrint EX\ewpexhlp.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

File C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.

File WebPrint EX\ewpexhlp.dll not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.

File WebPrint EX\ewpexhlp.dll not found.

Registry value HKEY_USERS\S-1-5-21-4285553767-1374707740-3178024607-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_USERS\S-1-5-21-4285553767-1374707740-3178024607-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.

File WebPrint EX\ewpexhlp.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-21-4285553767-1374707740-3178024607-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-4285553767-1374707740-3178024607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\add to &BOM\ deleted successfully.

File move failed. C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Hubert

->Temp folder emptied: 2896094 bytes

->Temporary Internet Files folder emptied: 2646077 bytes

->Java cache emptied: 2217236 bytes

->FireFox cache emptied: 57145102 bytes

->Flash cache emptied: 596 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6304 bytes

RecycleBin emptied: 801585810 bytes

 

Total Files Cleaned = 826,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.25.0 log created on 03202012_104903
 

Files\Folders moved on Reboot...

File move failed. C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta scheduled to be moved on reboot.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Den TDSS-Killer bitte neu runterladen und NICHT von Softonic! In unserer Anleitung ist extra ein Link zu dem Tool!

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

tdsskiller-log:

Code:

17:50:36.0482 2916        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43

17:50:38.0485 2916        ============================================================

17:50:38.0485 2916        Current date / time: 2012/03/20 17:50:38.0485

17:50:38.0485 2916        SystemInfo:

17:50:38.0485 2916        

17:50:38.0485 2916        OS Version: 6.1.7601 ServicePack: 1.0

17:50:38.0485 2916        Product type: Workstation

17:50:38.0485 2916        ComputerName: HUBERT-PC

17:50:38.0485 2916        UserName: Hubert

17:50:38.0485 2916        Windows directory: C:\Windows

17:50:38.0485 2916        System windows directory: C:\Windows

17:50:38.0485 2916        Processor architecture: Intel x86

17:50:38.0485 2916        Number of processors: 2

17:50:38.0485 2916        Page size: 0x1000

17:50:38.0485 2916        Boot type: Normal boot

17:50:38.0485 2916        ============================================================

17:50:39.0016 2916        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

17:50:39.0021 2916        Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:50:39.0022 2916        \Device\Harddisk0\DR0:

17:50:39.0023 2916        MBR used

17:50:39.0023 2916        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

17:50:39.0023 2916        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3282C, BlocksNum 0x21C03690

17:50:39.0048 2916        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x21C35EFB, BlocksNum 0x45577EF

17:50:39.0068 2916        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2618D729, BlocksNum 0x117F8CA3

17:50:39.0085 2916        \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3798640B, BlocksNum 0x27FCB73

17:50:39.0086 2916        \Device\Harddisk1\DR1:

17:50:39.0086 2916        MBR used

17:50:39.0086 2916        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782

17:50:39.0785 2916        Initialize success

17:50:39.0785 2916        ============================================================

17:52:09.0018 6036        ============================================================

17:52:09.0018 6036        Scan started

17:52:09.0018 6036        Mode: Manual; SigCheck; TDLFS; 

17:52:09.0018 6036        ============================================================

17:52:09.0371 6036        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

17:52:09.0463 6036        1394ohci - ok

17:52:09.0579 6036        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

17:52:09.0595 6036        ACPI - ok

17:52:09.0693 6036        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

17:52:09.0711 6036        AcpiPmi - ok

17:52:09.0863 6036        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

17:52:09.0884 6036        adp94xx - ok

17:52:10.0006 6036        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

17:52:10.0023 6036        adpahci - ok

17:52:10.0130 6036        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

17:52:10.0146 6036        adpu320 - ok

17:52:10.0259 6036        afcdp           (60073ff4c0717cf93a77496598b5962b) C:\Windows\system32\DRIVERS\afcdp.sys

17:52:10.0295 6036        afcdp - ok

17:52:10.0444 6036        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

17:52:10.0483 6036        AFD - ok

17:52:10.0585 6036        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

17:52:10.0600 6036        agp440 - ok

17:52:10.0716 6036        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

17:52:10.0730 6036        aic78xx - ok

17:52:10.0862 6036        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

17:52:10.0877 6036        aliide - ok

17:52:10.0930 6036        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

17:52:10.0946 6036        amdagp - ok

17:52:11.0042 6036        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

17:52:11.0058 6036        amdide - ok

17:52:11.0167 6036        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

17:52:11.0202 6036        AmdK8 - ok

17:52:11.0300 6036        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

17:52:11.0369 6036        AmdPPM - ok

17:52:11.0485 6036        amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

17:52:11.0499 6036        amdsata - ok

17:52:11.0620 6036        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

17:52:11.0637 6036        amdsbs - ok

17:52:11.0724 6036        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

17:52:11.0737 6036        amdxata - ok

17:52:11.0874 6036        AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

17:52:11.0913 6036        AppID - ok

17:52:12.0046 6036        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

17:52:12.0059 6036        arc - ok

17:52:12.0077 6036        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

17:52:12.0092 6036        arcsas - ok

17:52:12.0141 6036        aswFsBlk        (581b82df5dbcc1dda6b775fac0d92472) C:\Windows\system32\drivers\aswFsBlk.sys

17:52:12.0153 6036        aswFsBlk - ok

17:52:12.0270 6036        aswMonFlt       (0787b434e9098840966c23bb1c77df49) C:\Windows\system32\drivers\aswMonFlt.sys

17:52:12.0281 6036        aswMonFlt - ok

17:52:12.0371 6036        aswRdr          (03a901b0ba42aac44d7669c7c71dbbc0) C:\Windows\System32\Drivers\aswrdr2.sys

17:52:12.0383 6036        aswRdr - ok

17:52:12.0462 6036        aswSnx          (ca9601cd277a1e510b80422a40240a95) C:\Windows\system32\drivers\aswSnx.sys

17:52:12.0486 6036        aswSnx - ok

17:52:12.0602 6036        aswSP           (05ea22dde5ca7ee3a865046aff2f0229) C:\Windows\system32\drivers\aswSP.sys

17:52:12.0620 6036        aswSP - ok

17:52:12.0753 6036        aswTdi          (3ac73a9e7378848d1bde174b4bb39212) C:\Windows\system32\drivers\aswTdi.sys

17:52:12.0765 6036        aswTdi - ok

17:52:12.0804 6036        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

17:52:12.0849 6036        AsyncMac - ok

17:52:12.0972 6036        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

17:52:12.0985 6036        atapi - ok

17:52:13.0057 6036        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

17:52:13.0066 6036        avgio - ok

17:52:13.0167 6036        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys

17:52:13.0177 6036        avgntflt - ok

17:52:13.0228 6036        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys

17:52:13.0243 6036        avipbb - ok

17:52:13.0369 6036        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

17:52:13.0408 6036        b06bdrv - ok

17:52:13.0492 6036        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

17:52:13.0523 6036        b57nd60x - ok

17:52:13.0649 6036        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

17:52:13.0687 6036        Beep - ok

17:52:13.0806 6036        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

17:52:13.0841 6036        blbdrive - ok

17:52:13.0935 6036        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

17:52:13.0961 6036        bowser - ok

17:52:13.0989 6036        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:52:14.0020 6036        BrFiltLo - ok

17:52:14.0095 6036        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:52:14.0153 6036        BrFiltUp - ok

17:52:14.0259 6036        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

17:52:14.0298 6036        Brserid - ok

17:52:14.0339 6036        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

17:52:14.0368 6036        BrSerWdm - ok

17:52:14.0394 6036        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

17:52:14.0429 6036        BrUsbMdm - ok

17:52:14.0468 6036        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

17:52:14.0504 6036        BrUsbSer - ok

17:52:14.0580 6036        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

17:52:14.0617 6036        BTHMODEM - ok

17:52:14.0780 6036        catchme - ok

17:52:14.0869 6036        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

17:52:14.0919 6036        cdfs - ok

17:52:15.0029 6036        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

17:52:15.0062 6036        cdrom - ok

17:52:15.0201 6036        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

17:52:15.0254 6036        circlass - ok

17:52:15.0342 6036        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

17:52:15.0360 6036        CLFS - ok

17:52:15.0478 6036        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

17:52:15.0495 6036        CmBatt - ok

17:52:15.0521 6036        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

17:52:15.0534 6036        cmdide - ok

17:52:15.0584 6036        CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

17:52:15.0609 6036        CNG - ok

17:52:15.0675 6036        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

17:52:15.0687 6036        Compbatt - ok

17:52:15.0769 6036        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

17:52:15.0801 6036        CompositeBus - ok

17:52:15.0839 6036        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

17:52:15.0851 6036        crcdisk - ok

17:52:15.0935 6036        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

17:52:15.0978 6036        DfsC - ok

17:52:16.0015 6036        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

17:52:16.0070 6036        discache - ok

17:52:16.0184 6036        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

17:52:16.0197 6036        Disk - ok

17:52:16.0301 6036        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

17:52:16.0327 6036        drmkaud - ok

17:52:16.0390 6036        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

17:52:16.0418 6036        DXGKrnl - ok

17:52:16.0545 6036        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

17:52:16.0661 6036        ebdrv - ok

17:52:16.0786 6036        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

17:52:16.0809 6036        elxstor - ok

17:52:16.0842 6036        epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys

17:52:16.0868 6036        epmntdrv ( UnsignedFile.Multi.Generic ) - warning

17:52:16.0868 6036        epmntdrv - detected UnsignedFile.Multi.Generic (1)

17:52:16.0912 6036        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

17:52:16.0935 6036        ErrDev - ok

17:52:17.0038 6036        EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys

17:52:17.0057 6036        EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning

17:52:17.0057 6036        EuGdiDrv - detected UnsignedFile.Multi.Generic (1)

17:52:17.0118 6036        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

17:52:17.0170 6036        exfat - ok

17:52:17.0286 6036        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

17:52:17.0338 6036        fastfat - ok

17:52:17.0430 6036        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

17:52:17.0459 6036        fdc - ok

17:52:17.0508 6036        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

17:52:17.0521 6036        FileInfo - ok

17:52:17.0536 6036        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

17:52:17.0582 6036        Filetrace - ok

17:52:17.0612 6036        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

17:52:17.0642 6036        flpydisk - ok

17:52:17.0688 6036        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

17:52:17.0705 6036        FltMgr - ok

17:52:17.0724 6036        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

17:52:17.0736 6036        FsDepends - ok

17:52:17.0773 6036        fspad_wlh32     (1d300e884e4c539239aaf36bc8d0947a) C:\Windows\system32\DRIVERS\fspad_wlh32.sys

17:52:17.0791 6036        fspad_wlh32 - ok

17:52:17.0809 6036        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

17:52:17.0825 6036        Fs_Rec - ok

17:52:17.0867 6036        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

17:52:17.0886 6036        fvevol - ok

17:52:17.0976 6036        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

17:52:17.0991 6036        gagp30kx - ok

17:52:18.0158 6036        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

17:52:18.0189 6036        hcw85cir - ok

17:52:18.0311 6036        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

17:52:18.0342 6036        HdAudAddService - ok

17:52:18.0431 6036        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

17:52:18.0466 6036        HDAudBus - ok

17:52:18.0503 6036        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

17:52:18.0534 6036        HidBatt - ok

17:52:18.0576 6036        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

17:52:18.0617 6036        HidBth - ok

17:52:18.0713 6036        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

17:52:18.0734 6036        HidIr - ok

17:52:18.0825 6036        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

17:52:18.0842 6036        HidUsb - ok

17:52:18.0895 6036        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

17:52:18.0909 6036        HpSAMD - ok

17:52:18.0967 6036        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

17:52:19.0042 6036        HTTP - ok

17:52:19.0093 6036        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

17:52:19.0108 6036        hwpolicy - ok

17:52:19.0146 6036        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

17:52:19.0184 6036        i8042prt - ok

17:52:19.0235 6036        iaStor          (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys

17:52:19.0252 6036        iaStor - ok

17:52:19.0317 6036        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

17:52:19.0337 6036        iaStorV - ok

17:52:19.0583 6036        igfx            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys

17:52:19.0849 6036        igfx - ok

17:52:19.0962 6036        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

17:52:19.0974 6036        iirsp - ok

17:52:20.0081 6036        IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\Windows\system32\drivers\IntcHdmi.sys

17:52:20.0113 6036        IntcHdmiAddService - ok

17:52:20.0147 6036        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

17:52:20.0159 6036        intelide - ok

17:52:20.0201 6036        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

17:52:20.0234 6036        intelppm - ok

17:52:20.0327 6036        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:52:20.0377 6036        IpFilterDriver - ok

17:52:20.0442 6036        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

17:52:20.0459 6036        IPMIDRV - ok

17:52:20.0495 6036        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

17:52:20.0540 6036        IPNAT - ok

17:52:20.0572 6036        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

17:52:20.0591 6036        IRENUM - ok

17:52:20.0623 6036        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

17:52:20.0636 6036        isapnp - ok

17:52:20.0711 6036        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

17:52:20.0730 6036        iScsiPrt - ok

17:52:20.0782 6036        JMCR            (65da9fa42c0972fe5b9b7d6047f06f4c) C:\Windows\system32\DRIVERS\jmcr.sys

17:52:20.0794 6036        JMCR - ok

17:52:20.0896 6036        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

17:52:20.0910 6036        kbdclass - ok

17:52:20.0969 6036        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

17:52:20.0997 6036        kbdhid - ok

17:52:21.0039 6036        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

17:52:21.0052 6036        KSecDD - ok

17:52:21.0079 6036        KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

17:52:21.0093 6036        KSecPkg - ok

17:52:21.0164 6036        Lbd             (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys

17:52:21.0178 6036        Lbd - ok

17:52:21.0227 6036        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

17:52:21.0269 6036        lltdio - ok

17:52:21.0383 6036        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

17:52:21.0397 6036        LSI_FC - ok

17:52:21.0425 6036        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

17:52:21.0442 6036        LSI_SAS - ok

17:52:21.0472 6036        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:52:21.0486 6036        LSI_SAS2 - ok

17:52:21.0502 6036        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:52:21.0517 6036        LSI_SCSI - ok

17:52:21.0555 6036        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

17:52:21.0602 6036        luafv - ok

17:52:21.0624 6036        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

17:52:21.0639 6036        megasas - ok

17:52:21.0674 6036        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

17:52:21.0692 6036        MegaSR - ok

17:52:21.0714 6036        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

17:52:21.0763 6036        Modem - ok

17:52:21.0856 6036        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

17:52:21.0888 6036        monitor - ok

17:52:21.0978 6036        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

17:52:21.0992 6036        mouclass - ok

17:52:22.0101 6036        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

17:52:22.0139 6036        mouhid - ok

17:52:22.0251 6036        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

17:52:22.0265 6036        mountmgr - ok

17:52:22.0299 6036        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

17:52:22.0315 6036        mpio - ok

17:52:22.0346 6036        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

17:52:22.0401 6036        mpsdrv - ok

17:52:22.0472 6036        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

17:52:22.0512 6036        MRxDAV - ok

17:52:22.0549 6036        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:52:22.0580 6036        mrxsmb - ok

17:52:22.0632 6036        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:52:22.0675 6036        mrxsmb10 - ok

17:52:22.0706 6036        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:52:22.0738 6036        mrxsmb20 - ok

17:52:22.0826 6036        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

17:52:22.0842 6036        msahci - ok

17:52:22.0897 6036        msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

17:52:22.0916 6036        msdsm - ok

17:52:22.0964 6036        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

17:52:23.0004 6036        Msfs - ok

17:52:23.0021 6036        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

17:52:23.0063 6036        mshidkmdf - ok

17:52:23.0103 6036        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

17:52:23.0117 6036        msisadrv - ok

17:52:23.0168 6036        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

17:52:23.0211 6036        MSKSSRV - ok

17:52:23.0222 6036        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

17:52:23.0264 6036        MSPCLOCK - ok

17:52:23.0277 6036        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

17:52:23.0321 6036        MSPQM - ok

17:52:23.0349 6036        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

17:52:23.0364 6036        MsRPC - ok

17:52:23.0415 6036        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

17:52:23.0428 6036        mssmbios - ok

17:52:23.0478 6036        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

17:52:23.0523 6036        MSTEE - ok

17:52:23.0591 6036        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

17:52:23.0630 6036        MTConfig - ok

17:52:23.0664 6036        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

17:52:23.0677 6036        Mup - ok

17:52:23.0726 6036        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

17:52:23.0751 6036        NativeWifiP - ok

17:52:23.0797 6036        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

17:52:23.0825 6036        NDIS - ok

17:52:23.0858 6036        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

17:52:23.0905 6036        NdisCap - ok

17:52:24.0010 6036        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

17:52:24.0060 6036        NdisTapi - ok

17:52:24.0157 6036        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

17:52:24.0187 6036        Ndisuio - ok

17:52:24.0217 6036        NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

17:52:24.0267 6036        NdisWan - ok

17:52:24.0297 6036        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

17:52:24.0345 6036        NDProxy - ok

17:52:24.0382 6036        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

17:52:24.0443 6036        NetBIOS - ok

17:52:24.0529 6036        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

17:52:24.0571 6036        NetBT - ok

17:52:24.0679 6036        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

17:52:24.0693 6036        nfrd960 - ok

17:52:24.0806 6036        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

17:52:24.0853 6036        Npfs - ok

17:52:24.0882 6036        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

17:52:24.0927 6036        nsiproxy - ok

17:52:24.0988 6036        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

17:52:25.0040 6036        Ntfs - ok

17:52:25.0066 6036        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

17:52:25.0100 6036        Null - ok

17:52:25.0143 6036        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

17:52:25.0164 6036        nvraid - ok

17:52:25.0204 6036        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

17:52:25.0219 6036        nvstor - ok

17:52:25.0259 6036        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

17:52:25.0274 6036        nv_agp - ok

17:52:25.0344 6036        NxpCap          (6abc0333409e7ab86ba610bcf5bddf7b) C:\Windows\system32\DRIVERS\NxpCap.sys

17:52:25.0403 6036        NxpCap - ok

17:52:25.0493 6036        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

17:52:25.0525 6036        ohci1394 - ok

17:52:25.0582 6036        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

17:52:25.0613 6036        Parport - ok

17:52:25.0698 6036        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

17:52:25.0712 6036        partmgr - ok

17:52:25.0752 6036        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

17:52:25.0787 6036        Parvdm - ok

17:52:25.0831 6036        pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

17:52:25.0847 6036        pci - ok

17:52:25.0871 6036        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

17:52:25.0884 6036        pciide - ok

17:52:25.0922 6036        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

17:52:25.0937 6036        pcmcia - ok

17:52:25.0961 6036        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

17:52:25.0975 6036        pcw - ok

17:52:25.0992 6036        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

17:52:26.0041 6036        PEAUTH - ok

17:52:26.0174 6036        pfc             (6c1618a07b49e3873582b6449e744088) C:\Windows\system32\drivers\pfc.sys

17:52:26.0202 6036        pfc ( UnsignedFile.Multi.Generic ) - warning

17:52:26.0202 6036        pfc - detected UnsignedFile.Multi.Generic (1)

17:52:26.0261 6036        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

17:52:26.0311 6036        PptpMiniport - ok

17:52:26.0352 6036        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

17:52:26.0388 6036        Processor - ok

17:52:26.0515 6036        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

17:52:26.0584 6036        Psched - ok

17:52:26.0677 6036        PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys

17:52:26.0690 6036        PSI - ok

17:52:26.0754 6036        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

17:52:26.0806 6036        ql2300 - ok

17:52:26.0843 6036        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

17:52:26.0859 6036        ql40xx - ok

17:52:26.0891 6036        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

17:52:26.0915 6036        QWAVEdrv - ok

17:52:26.0945 6036        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

17:52:26.0991 6036        RasAcd - ok

17:52:27.0033 6036        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:52:27.0075 6036        RasAgileVpn - ok

17:52:27.0104 6036        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:52:27.0153 6036        Rasl2tp - ok

17:52:27.0249 6036        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

17:52:27.0295 6036        RasPppoe - ok

17:52:27.0306 6036        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

17:52:27.0343 6036        RasSstp - ok

17:52:27.0381 6036        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

17:52:27.0424 6036        rdbss - ok

17:52:27.0454 6036        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

17:52:27.0493 6036        rdpbus - ok

17:52:27.0531 6036        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:52:27.0567 6036        RDPCDD - ok

17:52:27.0614 6036        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

17:52:27.0654 6036        RDPENCDD - ok

17:52:27.0666 6036        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

17:52:27.0716 6036        RDPREFMP - ok

17:52:27.0748 6036        RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

17:52:27.0782 6036        RDPWD - ok

17:52:27.0825 6036        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

17:52:27.0840 6036        rdyboost - ok

17:52:27.0968 6036        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

17:52:28.0019 6036        rspndr - ok

17:52:28.0071 6036        rtl8192se       (8327c64e9a4d052339c16499d08f7d6c) C:\Windows\system32\DRIVERS\rtl8192se.sys

17:52:28.0122 6036        rtl8192se - ok

17:52:28.0223 6036        SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

17:52:28.0233 6036        SASDIFSV - ok

17:52:28.0259 6036        SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

17:52:28.0275 6036        SASKUTIL - ok

17:52:28.0385 6036        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

17:52:28.0403 6036        sbp2port - ok

17:52:28.0441 6036        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

17:52:28.0488 6036        scfilter - ok

17:52:28.0546 6036        sdbus           (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

17:52:28.0579 6036        sdbus - ok

17:52:28.0692 6036        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

17:52:28.0742 6036        secdrv - ok

17:52:28.0866 6036        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

17:52:28.0891 6036        Serenum - ok

17:52:28.0986 6036        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

17:52:29.0020 6036        Serial - ok

17:52:29.0058 6036        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

17:52:29.0082 6036        sermouse - ok

17:52:29.0127 6036        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

17:52:29.0147 6036        sffdisk - ok

17:52:29.0163 6036        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

17:52:29.0182 6036        sffp_mmc - ok

17:52:29.0199 6036        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

17:52:29.0229 6036        sffp_sd - ok

17:52:29.0268 6036        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

17:52:29.0304 6036        sfloppy - ok

17:52:29.0357 6036        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

17:52:29.0371 6036        sisagp - ok

17:52:29.0414 6036        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:52:29.0427 6036        SiSRaid2 - ok

17:52:29.0444 6036        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

17:52:29.0457 6036        SiSRaid4 - ok

17:52:29.0489 6036        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

17:52:29.0523 6036        Smb - ok

17:52:29.0624 6036        snapman         (5bceb1b306878035dacba6dd18366eda) C:\Windows\system32\DRIVERS\snapman.sys

17:52:29.0638 6036        snapman - ok

17:52:29.0682 6036        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

17:52:29.0695 6036        spldr - ok

17:52:29.0746 6036        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

17:52:29.0778 6036        srv - ok

17:52:29.0820 6036        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

17:52:29.0849 6036        srv2 - ok

17:52:29.0871 6036        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

17:52:29.0889 6036        srvnet - ok

17:52:29.0931 6036        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

17:52:29.0944 6036        ssmdrv - ok

17:52:30.0046 6036        StarOpen - ok

17:52:30.0081 6036        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

17:52:30.0094 6036        stexstor - ok

17:52:30.0147 6036        STHDA           (3bbcf6640f534da7753b94c576b29ffc) C:\Windows\system32\DRIVERS\stwrt.sys

17:52:30.0179 6036        STHDA - ok

17:52:30.0266 6036        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

17:52:30.0278 6036        swenum - ok

17:52:30.0331 6036        tap0901         (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys

17:52:30.0360 6036        tap0901 - ok

17:52:30.0496 6036        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

17:52:30.0565 6036        Tcpip - ok

17:52:30.0696 6036        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

17:52:30.0728 6036        TCPIP6 - ok

17:52:30.0865 6036        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

17:52:30.0915 6036        tcpipreg - ok

17:52:30.0953 6036        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

17:52:30.0993 6036        TDPIPE - ok

17:52:31.0055 6036        tdrpman258      (8de3e45000ba8c9ebb16737d3f83e216) C:\Windows\system32\DRIVERS\tdrpm258.sys

17:52:31.0096 6036        tdrpman258 - ok

17:52:31.0189 6036        TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

17:52:31.0229 6036        TDTCP - ok

17:52:31.0269 6036        tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

17:52:31.0312 6036        tdx - ok

17:52:31.0352 6036        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

17:52:31.0364 6036        TermDD - ok

17:52:31.0425 6036        timounter       (3e06987fedbcdfbff8e85ef8108565f9) C:\Windows\system32\DRIVERS\timntr.sys

17:52:31.0460 6036        timounter - ok

17:52:31.0569 6036        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:52:31.0611 6036        tssecsrv - ok

17:52:31.0668 6036        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

17:52:31.0698 6036        TsUsbFlt - ok

17:52:31.0801 6036        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

17:52:31.0810 6036        TuneUpUtilitiesDrv - ok

17:52:31.0917 6036        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

17:52:31.0969 6036        tunnel - ok

17:52:32.0001 6036        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

17:52:32.0014 6036        uagp35 - ok

17:52:32.0063 6036        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

17:52:32.0113 6036        udfs - ok

17:52:32.0214 6036        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

17:52:32.0227 6036        uliagpkx - ok

17:52:32.0269 6036        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

17:52:32.0306 6036        umbus - ok

17:52:32.0350 6036        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

17:52:32.0379 6036        UmPass - ok

17:52:32.0414 6036        usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

17:52:32.0452 6036        usbccgp - ok

17:52:32.0494 6036        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

17:52:32.0524 6036        usbcir - ok

17:52:32.0553 6036        usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

17:52:32.0589 6036        usbehci - ok

17:52:32.0644 6036        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

17:52:32.0676 6036        usbhub - ok

17:52:32.0718 6036        usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

17:52:32.0750 6036        usbohci - ok

17:52:32.0855 6036        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

17:52:32.0890 6036        usbprint - ok

17:52:32.0938 6036        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

17:52:32.0971 6036        usbscan - ok

17:52:33.0068 6036        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS

17:52:33.0096 6036        USBSTOR - ok

17:52:33.0124 6036        usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

17:52:33.0157 6036        usbuhci - ok

17:52:33.0263 6036        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

17:52:33.0298 6036        usbvideo - ok

17:52:33.0404 6036        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

17:52:33.0416 6036        vdrvroot - ok

17:52:33.0445 6036        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

17:52:33.0478 6036        vga - ok

17:52:33.0502 6036        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

17:52:33.0544 6036        VgaSave - ok

17:52:33.0578 6036        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

17:52:33.0594 6036        vhdmp - ok

17:52:33.0626 6036        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

17:52:33.0640 6036        viaagp - ok

17:52:33.0676 6036        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

17:52:33.0709 6036        ViaC7 - ok

17:52:33.0745 6036        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

17:52:33.0760 6036        viaide - ok

17:52:33.0802 6036        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

17:52:33.0815 6036        volmgr - ok

17:52:33.0857 6036        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

17:52:33.0876 6036        volmgrx - ok

17:52:33.0919 6036        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

17:52:33.0935 6036        volsnap - ok

17:52:33.0984 6036        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

17:52:34.0000 6036        vsmraid - ok

17:52:34.0027 6036        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

17:52:34.0062 6036        vwifibus - ok

17:52:34.0090 6036        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

17:52:34.0113 6036        vwififlt - ok

17:52:34.0151 6036        vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

17:52:34.0190 6036        vwifimp - ok

17:52:34.0292 6036        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

17:52:34.0325 6036        WacomPen - ok

17:52:34.0425 6036        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

17:52:34.0457 6036        WANARP - ok

17:52:34.0461 6036        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

17:52:34.0505 6036        Wanarpv6 - ok

17:52:34.0573 6036        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

17:52:34.0587 6036        Wd - ok

17:52:34.0616 6036        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

17:52:34.0638 6036        Wdf01000 - ok

17:52:34.0756 6036        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

17:52:34.0792 6036        WfpLwf - ok

17:52:34.0818 6036        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

17:52:34.0832 6036        WIMMount - ok

17:52:34.0986 6036        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

17:52:35.0024 6036        WmiAcpi - ok

17:52:35.0084 6036        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

17:52:35.0124 6036        ws2ifsl - ok

17:52:35.0207 6036        WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

17:52:35.0235 6036        WSDPrintDevice - ok

17:52:35.0263 6036        WSDScan         (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys

17:52:35.0295 6036        WSDScan - ok

17:52:35.0338 6036        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

17:52:35.0378 6036        WudfPf - ok

17:52:35.0414 6036        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:52:35.0446 6036        WUDFRd - ok

17:52:35.0560 6036        X10Hid          (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys

17:52:35.0576 6036        X10Hid - ok

17:52:35.0629 6036        XUIF            (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\System32\Drivers\x10ufx2.sys

17:52:35.0640 6036        XUIF - ok

17:52:35.0696 6036        yukonw7         (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys

17:52:35.0739 6036        yukonw7 - ok

17:52:35.0783 6036        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

17:52:35.0981 6036        \Device\Harddisk0\DR0 - ok

17:52:35.0986 6036        MBR (0x1B8)     (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1

17:52:36.0479 6036        \Device\Harddisk1\DR1 - ok

17:52:36.0487 6036        Boot (0x1200)   (c4892213b42bca4ca8b23812ee1c419a) \Device\Harddisk0\DR0\Partition0

17:52:36.0488 6036        \Device\Harddisk0\DR0\Partition0 - ok

17:52:36.0528 6036        Boot (0x1200)   (d5b89780228387e8b8f99b20c33c5a41) \Device\Harddisk0\DR0\Partition1

17:52:36.0529 6036        \Device\Harddisk0\DR0\Partition1 - ok

17:52:36.0533 6036        Boot (0x1200)   (ea9176c2f39e61b2dcb5ec17c6629370) \Device\Harddisk0\DR0\Partition2

17:52:36.0534 6036        \Device\Harddisk0\DR0\Partition2 - ok

17:52:36.0556 6036        Boot (0x1200)   (0b12447a9ac5fb24c72d05d1accfb76e) \Device\Harddisk0\DR0\Partition3

17:52:36.0557 6036        \Device\Harddisk0\DR0\Partition3 - ok

17:52:36.0586 6036        Boot (0x1200)   (aeed6a01d72e8bdacf2b57107f69298a) \Device\Harddisk0\DR0\Partition4

17:52:36.0587 6036        \Device\Harddisk0\DR0\Partition4 - ok

17:52:36.0592 6036        Boot (0x1200)   (24ae6b3aa39e2bcedd202f7408300a4a) \Device\Harddisk1\DR1\Partition0

17:52:36.0594 6036        \Device\Harddisk1\DR1\Partition0 - ok

17:52:36.0595 6036        ============================================================

17:52:36.0595 6036        Scan finished

17:52:36.0595 6036        ============================================================

17:52:36.0611 4524        Detected object count: 3

17:52:36.0611 4524        Actual detected object count: 3

17:53:39.0542 4524        epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user

17:53:39.0543 4524        epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:53:39.0546 4524        EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user

17:53:39.0546 4524        EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:53:39.0548 4524        pfc ( UnsignedFile.Multi.Generic ) - skipped by user

17:53:39.0548 4524        pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:54:07.0572 3208        Deinitialize success

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hallo Arne,
vor dem Starten des Combofix habe ich meinen Firewall und mein Avast deaktiviert.
Nach dem Starten kam folgendendes Fenster, das irgendwas von Avast noch aktiv ist. Im Taskmanager habe ich einen Dienst von Avast entdeckt (siehe Anhang) dessen Prozess sich aber nicht beenden lässt.
Soll ich Combofix trotz Warnung laufen lassen? Oder wie komme ich da raus?

Wenn Avast deaktiviert ist kannst du das ignorieren
Du solltest unbedingt mit Netzteil arbeiten! NICHT rein auf Akku wenn du CF ausführst!!

Hallo Arne,
ich weiß nicht, ob das normal läuft.
Nach dem Starten hat er einen Wiederherstellungpunkt erstellt und seit dem steht das Fenster mit der Ausgabe "Suche nach ifnizierten Dateien....dauert normalerweise 10 Min, kann sich aber leicht verdoppeln". Nach über einer Stunde bin ich gegangen. Als ich wiederkam, hat sich mein PC trotz Netzteil in den Ruhezustand verabschiedet. Nach der Neuanmeldung steht das Fenster immer noch unverändert. Das Fenster lässt sich auch nicht mit Klick auf "X" schließen. Was soll ich tun?

Zitat:

Nochmal zur Vervollständigung hierzu:
Beim 1. Start von combofix habe ich trotz deines Hinweises vergessen mein Avast zu deaktivieren. Deswegen hat sich gleich nach diesem Start mein Avast dazwischen geschaltet. Ich habe versucht Combofix zu unterbrechen, doch das hat nicht so geklappt. Es erschien ein DOS-Fenster, dass ich mich an den Adiministrator wenden sollte. Das Dos-Fenster ließ sich auch nicht schließen, so dass ich den PC "hart" mit der Ein-/Austaste ausgeschaltet habe.
Nach dem erneuten Hochfahren des PC kam beim 2. Start von Combofix trotz Deaktivierung von Avast die Warnung:

Zitat:

Nach dem Starten kam folgendendes Fenster, das irgendwas von Avast noch aktiv ist. Im Taskmanager habe ich einen Dienst von Avast entdeckt (siehe Anhang) dessen Prozess sich aber nicht beenden lässt.
Soll ich Combofix trotz Warnung laufen lassen? Oder wie komme ich da raus?

Du hast mir geantwortet ich kann das ignorieren. Jetzt stehe ich hier:

Zitat:

ich weiß nicht, ob das normal läuft.
Nach dem Starten hat er einen Wiederherstellungpunkt erstellt und seit dem steht das Fenster mit der Ausgabe "Suche nach ifnizierten Dateien....dauert normalerweise 10 Min, kann sich aber leicht verdoppeln". Nach über einer Stunde bin ich gegangen. Als ich wiederkam, hat sich mein PC trotz Netzteil in den Ruhezustand verabschiedet. Nach der Neuanmeldung steht das Fenster immer noch unverändert. Das Fenster lässt sich auch nicht mit Klick auf "X" schließen. Was soll ich tun?