Trojaner-Board


Feuerwerk 07.09.2012 20:35

Bundespolizei trojan (Windows 7)
 
Hello,
I use Windows 7 (64-bit) and have caught the Bundespolizei trojan. Windows 7 boots, but after logging in the screen is locked with a message saying that I should pay 100 EUR.

I have already run a few things:
1. OTL - for the result see the attachment
2. Ran Malwarebytes. It found about 14 files.
I removed them. They are in quarantine.
After that Malwarebytes wanted a restart, which I performed.

Can you please help me?
Many thanks in advance!

Feuerwerk

____________________________________________

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.11

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
HP :: HP-PC [Administrator]

07.09.2012 20:38:36
mbam-log-2012-09-07 (20-38-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222064
Laufzeit: 3 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Familie Engelhorn\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 13
C:\ProgramData\losmraku.exe (Rogue.WindowsSecuritySystem.Phex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\0.3838089075620581.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\0471135.exe (Spyware.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\1375332.exe (Spyware.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\3743103.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\5163415.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\7753108.exe (Spyware.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\F103.tmp (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\hos32.exe (Rogue.WindowsSecuritySystem.Phex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\jar_cache1072857570692424613.tmp (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\jar_cache8490235879628289279.tmp (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\Ms_Cleaner.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\Temporary Internet Files\Content.IE5\R825M3LD\soft[1].exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Feuerwerk 07.09.2012 22:39

Hello,

I have now run the ESET scanner. Here is the result:

____________________________________________________________

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-07 09:28:06
# local_time=2012-09-07 11:28:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 18016166 18016166 0 0
# compatibility_mode=5893 16776573 100 94 94333 98677995 0 0
# compatibility_mode=8192 67108863 100 0 533 533 0 0
# scanned=274027
# found=12
# cleaned=0
# scan_time=5141
C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\qbmkdveucimdhah\main.html HTML/Ransom.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\qbmkdveucimdhah\main.html HTML/Ransom.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Familie Engelhorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ME4OUNQ2\indexCA8Q714V.htm JS/Kryptik.EO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Familie Engelhorn\AppData\Local\Temp\jar_cache3060988117646270249.tmp Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Familie Engelhorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\5e0b319a-2d742822 Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Familie Engelhorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4c1fbc84-372cd52b multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Familie Engelhorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\6d01bb31-1b8b7201 a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Familie Engelhorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\6dfa8b05-6a29e6b6 Java/Exploit.CVE-2012-4681.G trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Familie Engelhorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\a9949fe-4afdde8f a variant of Java/Exploit.CVE-2012-4681.M trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\HP\AppData\Roaming\OpenCandy\OpenCandy_6915A647DFEB419CBA47C037C089E74C\registrybooster(9).exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

cosinus 12.09.2012 11:32

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!

Please post everything in CODE tags here where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Feuerwerk 15.09.2012 00:04

Hello,
sorry that I can only get back to you now. This time I ran a full scan of all drives.

Attached is today's scan with Malwarebytes:
Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HP :: HP-PC [Administrator]

14.09.2012 22:41:07
mbam-log-2012-09-14 (22-41-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 471345
Laufzeit: 1 Stunde(n), 47 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

And this was the 1st scan with Malwarebytes (14 objects were quarantined):
Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.07.11

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
HP :: HP-PC [Administrator]

07.09.2012 20:38:36
mbam-log-2012-09-07 (20-38-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222064
Laufzeit: 3 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Familie Engelhorn\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 13
C:\ProgramData\losmraku.exe (Rogue.WindowsSecuritySystem.Phex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\0.3838089075620581.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\0471135.exe (Spyware.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\1375332.exe (Spyware.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\3743103.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\5163415.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\7753108.exe (Spyware.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\F103.tmp (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\hos32.exe (Rogue.WindowsSecuritySystem.Phex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\jar_cache1072857570692424613.tmp (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\jar_cache8490235879628289279.tmp (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\Ms_Cleaner.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Familie Engelhorn\AppData\Local\Temp\Temporary Internet Files\Content.IE5\R825M3LD\soft[1].exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

It would be great if you could help me. I want to get rid of the trojan completely.

Best regards, Feuerwerk

cosinus 15.09.2012 13:31

adwCleaner - Detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Feuerwerk 15.09.2012 21:38

Hello,

I have just run adwCleaner. Attached is the log file. I did not delete anything here, I only let it search.
How should I proceed?

Code:

# AdwCleaner v2.001 - Datei am 09/15/2012 um 22:34:24 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : HP - HP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Familie Engelhorn\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\Familie Engelhorn\AppData\Local\Temp\boost_interprocess
Ordner Gefunden : C:\Users\Familie Engelhorn\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\HP\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\HP\AppData\Local\Temp\boost_interprocess
Ordner Gefunden : C:\Users\HP\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\HP\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [4145 octets] - [15/09/2012 22:34:24]

########## EOF - C:\AdwCleaner[R1].txt - [4205 octets] ##########


cosinus 16.09.2012 18:10

adwCleaner - Removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Feuerwerk 16.09.2012 21:10

Hello cosinus,

first of all, many thanks for your help so far!

OK, I ran adwCleaner again and deleted. Attached is the new log. What should I do now?

Code:

# AdwCleaner v2.001 - Datei am 09/16/2012 um 21:38:15 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : HP - HP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Familie Engelhorn\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Familie Engelhorn\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Familie Engelhorn\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\HP\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\HP\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\HP\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\HP\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [4975 octets] - [16/09/2012 21:38:15]
AdwCleaner[R1].txt - [4266 octets] - [15/09/2012 22:34:24]

########## EOF - \AdwCleaner[S1].txt - [5095 octets] ##########


cosinus 17.09.2012 11:13

I have two questions before we continue (we are not finished yet!)

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Feuerwerk 19.09.2012 07:21

Hello Cosinus and all the other readers,

re 1.: After the first use of Malwarebytes and OTL I was able to work in normal mode again. I have not noticed anything that does not work (but I have not, for example, installed any software yet).

re 2.: There are no empty folders in the Start menu. I cannot say whether programs are missing, but it does not seem to be anything important.

What happens next?

cosinus 19.09.2012 15:49

Please create a new OTL log. Please post everything in CODE tags here where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Feuerwerk 19.09.2012 23:54

Hello cosinus,

great, thank you very much!

I downloaded OTL again and used your code. Would I have had to click anything else for OTL to run the custom scan, or does it detect that automatically?

Attached is the log:
Code:

OTL logfile created on: 20.09.2012 00:24:35 - Run 2
OTL by OldTimer - Version 3.2.64.0    Folder = C:\Users\Familie Engelhorn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 68,43% Memory free
7,60 Gb Paging File | 5,99 Gb Available in Paging File | 78,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,54 Gb Total Space | 371,66 Gb Free Space | 82,31% Space Free | Partition Type: NTFS
Drive D: | 13,92 Gb Total Space | 2,00 Gb Free Space | 14,33% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 90,69 Mb Free Space | 91,58% Space Free | Partition Type: FAT32
Drive G: | 23,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.20 00:20:40 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Familie Engelhorn\Desktop\OTL.exe
PRC - [2012.08.09 17:41:10 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 17:58:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:58:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.03.18 22:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 22:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.25 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.01.25 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009.10.13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.02.24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.25 13:50:47 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.08.19 00:10:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.08.19 00:10:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.08.19 00:10:19 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.08.19 00:10:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.08.19 00:09:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.08.19 00:09:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.08.19 00:09:44 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.08.19 00:09:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.08.19 00:09:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.08.19 00:09:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.08.19 00:09:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.08.19 00:09:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.05.12 21:02:10 | 000,101,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010.02.22 11:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.02.22 11:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.02.22 11:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010.02.09 18:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010.02.09 18:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010.02.09 18:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010.02.09 18:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010.02.09 18:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010.02.09 18:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010.02.09 18:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010.02.09 18:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.03.03 09:12:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.08.15 13:28:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 17:58:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 17:58:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2010.03.18 22:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.18 22:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.27 14:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.01.18 15:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.01.04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.10.13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 17:58:50 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 17:58:50 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.02.16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.06.22 16:37:53 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.04.28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.03.12 06:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.09 18:27:52 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.03 09:23:12 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.03 08:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.03.03 08:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.03.03 08:07:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.11 01:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.28 19:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.09.17 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.22 19:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.06.22 19:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.09.23 03:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{2F2B3EF5-4241-4B9D-97C4-6C90A0240003}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://hp-notebook.de.msn.com/
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 4E 77 FB 7F 93 CD 01  [binary data]
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1000\..\SearchScopes\{2F2B3EF5-4241-4B9D-97C4-6C90A0240003}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1000\..\SearchScopes\{83C99C52-1E01-404A-80A8-E3C4E17A1BC1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=0D7E3B17-A515-48DA-AAD5-12C3CD1744A0&apn_sauid=53E69D42-AB20-4304-B1FD-83B386E27192
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\..\SearchScopes\{355C7D6E-835D-429C-8B3C-59EADF4A0699}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0D7E3B17-A515-48DA-AAD5-12C3CD1744A0&apn_sauid=53E69D42-AB20-4304-B1FD-83B386E27192
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\..\SearchScopes\{E75F62DB-B4B6-4D7D-A683-14B781F43240}: "URL" = hxxp://www.bing.com/search?FORM=HPNTDF&PC=HPNTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001..\Run: [losmrakucfhqyca] C:\ProgramData\losmraku.exe File not found
O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6166ED9-3ECE-4E4B-876A-939B0263DC10}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.21 11:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.18 09:41:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\Shell - "" = AutoRun
O33 - MountPoints2\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 11:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 11:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.14 21:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2012.09.14 21:54:15 | 000,132,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2012.09.14 21:54:15 | 000,116,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012.09.14 21:54:15 | 000,113,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2012.09.14 21:54:15 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2012.09.14 21:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2012.09.08 21:08:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.09.07 21:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.07 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2012.09.07 20:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.07 20:37:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.07 20:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.07 20:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.30 18:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\qbmkdveucimdhah
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.20 00:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.20 00:04:35 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 00:04:35 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 00:04:21 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.20 00:04:21 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.20 00:04:21 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.20 00:04:21 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.20 00:04:21 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.20 00:00:12 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.19 23:57:41 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 23:57:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 23:56:59 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.16 21:38:20 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2012.09.14 22:31:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.14 21:54:17 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.30 18:26:41 | 000,076,360 | ---- | M] () -- C:\ProgramData\xtqpmqgrarlcurp
 
========== Files Created - No Company Name ==========
 
[2012.09.16 21:38:16 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2012.09.14 22:31:43 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.14 21:54:17 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2012.08.30 18:26:25 | 000,076,360 | ---- | C] () -- C:\ProgramData\xtqpmqgrarlcurp
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2010.12.31 15:24:51 | 000,000,000 | ---D | M] -- C:\Users\Familie Engelhorn\AppData\Roaming\Canneverbe Limited
[2012.01.21 22:21:23 | 000,000,000 | ---D | M] -- C:\Users\Familie Engelhorn\AppData\Roaming\elsterformular
[2011.12.14 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\Familie Engelhorn\AppData\Roaming\Inim
[2011.12.08 07:53:57 | 000,000,000 | ---D | M] -- C:\Users\Familie Engelhorn\AppData\Roaming\kock
[2011.12.14 18:00:57 | 000,000,000 | ---D | M] -- C:\Users\Familie Engelhorn\AppData\Roaming\Oxuwvy
[2010.09.04 21:58:51 | 000,000,000 | ---D | M] -- C:\Users\Familie Engelhorn\AppData\Roaming\PC-FAX TX
[2011.12.08 07:54:26 | 000,000,000 | ---D | M] -- C:\Users\Familie Engelhorn\AppData\Roaming\UAs
[2010.08.29 07:17:28 | 000,000,000 | ---D | M] -- C:\Users\Familie Engelhorn\AppData\Roaming\WildTangent
[2011.03.03 21:08:45 | 000,000,000 | ---D | M] -- C:\Users\Familie Engelhorn\AppData\Roaming\Windows Live Writer
[2011.12.08 07:54:08 | 000,000,000 | ---D | M] -- C:\Users\Familie Engelhorn\AppData\Roaming\xmldm
[2012.09.19 07:37:55 | 000,000,000 | ---D | M] -- C:\Users\Familie Engelhorn\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.29 18:00:55 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Adobe
[2010.08.16 15:08:25 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\ATI
[2012.02.12 10:38:26 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Avira
[2011.04.17 19:33:21 | 000,000,000 | R--D | M] -- C:\Users\HP\AppData\Roaming\Brother
[2012.06.19 11:50:24 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Canneverbe Limited
[2012.01.21 21:20:23 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\elsterformular
[2010.08.16 15:07:24 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Hewlett-Packard
[2010.08.16 15:12:32 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\HpUpdate
[2010.08.16 15:06:56 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Identities
[2010.09.04 21:41:28 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\InstallShield
[2010.11.30 07:24:20 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Macromedia
[2012.09.07 20:37:49 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2010.06.23 02:27:57 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Media Center Programs
[2012.09.08 21:33:39 | 000,000,000 | --SD | M] -- C:\Users\HP\AppData\Roaming\Microsoft
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.12 18:09:06 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.05.12 18:09:07 | 000,001,102 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.05.18 19:18:01 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >


cosinus 20.09.2012 14:40

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1000\..\SearchScopes\{83C99C52-1E01-404A-80A8-E3C4E17A1BC1}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=0D7E3B17-A515-48DA-AAD5-12C3CD1744A0&apn_sauid=53E69D42-AB20-4304-B1FD-83B386E27192
IE - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\..\SearchScopes\{355C7D6E-835D-429C-8B3C-59EADF4A0699}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0D7E3B17-A515-48DA-AAD5-12C3CD1744A0&apn_sauid=53E69D42-AB20-4304-B1FD-83B386E27192
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001..\Run: [losmrakucfhqyca] C:\ProgramData\losmraku.exe File not found
O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3355679170-1113078730-2588767007-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.21 11:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.18 09:41:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\Shell - "" = AutoRun
O33 - MountPoints2\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 11:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.01.21 11:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
:Files
C:\ProgramData\qbmkdveucimdhah
C:\ProgramData\xtqpmqgrarlcurp
C:\Users\Familie Engelhorn\AppData\Roaming\kock
C:\Users\Familie Engelhorn\AppData\Roaming\Oxuwvy
C:\Users\Familie Engelhorn\AppData\Roaming\UAs
C:\Users\Familie Engelhorn\AppData\Roaming\xmldm
C:\Users\HP\AppData\Roaming\kock
C:\Users\HP\AppData\Roaming\Oxuwvy
C:\Users\HP\AppData\Roaming\UAs
C:\Users\HP\AppData\Roaming\xmldm
C:\ProgramData\qbmkdveucimdhah
C:\Users\All Users\qbmkdveucimdhah
C:\Users\Familie Engelhorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
C:\Users\HP\AppData\Roaming\OpenCandy
C:\Users\Familie Engelhorn\AppData\Roaming\OpenCandy
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Feuerwerk 20.09.2012 22:21

Hello cosinus,

Thank you very much for the code!

I ran the fix with your code. A message appeared saying that Windows had to shut down shortly, and it did. The _OTL folder contains a few files and a few empty folders.

Attached is the log file. I have two questions about it:

1. Does the log file contain what you expected?
2. What did it do with the two files from G:\? Those are files from my web stick. They must not get broken.

Code:

Files\Folders moved on Reboot...
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
File move failed. G:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. C:\Users\Familie Engelhorn\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Addendum: the stick is currently working.

cosinus 21.09.2012 14:52

I removed the mount points for G and others. What do you want with the autorun? How is that supposed to affect the functionality itself?
Are you aware that autorun (AutoPlay) is, in principle, a risky feature?

Restart Windows in safe mode (with networking if possible) and please repeat the fix there.

Feuerwerk 22.09.2012 22:50

Hello cosinus,

OK, I ran OTL in safe mode with the fix. Unfortunately I forgot to tick "all users", so I ran the OTL fix again in safe mode.
Attached are the logs:

Today's 1st log
Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1000\Software\Microsoft\Internet Explorer\SearchScopes\{83C99C52-1E01-404A-80A8-E3C4E17A1BC1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83C99C52-1E01-404A-80A8-E3C4E17A1BC1}\ not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\Software\Microsoft\Internet Explorer\SearchScopes\{355C7D6E-835D-429C-8B3C-59EADF4A0699}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{355C7D6E-835D-429C-8B3C-59EADF4A0699}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteOnReboot not found.
File C:\Windows\DeleteOnReboot.bat not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\EnableShellExecuteHooks not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
File move failed. G:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\ not found.
File F:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\ProgramData\qbmkdveucimdhah not found.
File\Folder C:\ProgramData\xtqpmqgrarlcurp not found.
File\Folder C:\Users\Familie Engelhorn\AppData\Roaming\kock not found.
File\Folder C:\Users\Familie Engelhorn\AppData\Roaming\Oxuwvy not found.
File\Folder C:\Users\Familie Engelhorn\AppData\Roaming\UAs not found.
File\Folder C:\Users\Familie Engelhorn\AppData\Roaming\xmldm not found.
File\Folder C:\Users\HP\AppData\Roaming\kock not found.
File\Folder C:\Users\HP\AppData\Roaming\Oxuwvy not found.
File\Folder C:\Users\HP\AppData\Roaming\UAs not found.
File\Folder C:\Users\HP\AppData\Roaming\xmldm not found.
File\Folder C:\ProgramData\qbmkdveucimdhah not found.
File\Folder C:\Users\All Users\qbmkdveucimdhah not found.
File\Folder C:\Users\Familie Engelhorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 not found.
File\Folder C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 not found.
File\Folder C:\Users\HP\AppData\Roaming\OpenCandy not found.
File\Folder C:\Users\Familie Engelhorn\AppData\Roaming\OpenCandy not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Familie Engelhorn\Desktop\cmd.bat deleted successfully.
C:\Users\Familie Engelhorn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Familie Engelhorn
->Temp folder emptied: 657576 bytes
->Temporary Internet Files folder emptied: 284693785 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3324024 bytes
 
User: HP
->Temp folder emptied: 220115637 bytes
->Temporary Internet Files folder emptied: 214277363 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 904537173 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36063133 bytes
RecycleBin emptied: 512399 bytes
 
Total Files Cleaned = 1.587,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.64.0 log created on 09222012_230708

Files\Folders moved on Reboot...
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
File move failed. G:\AUTORUN.INF scheduled to be moved on reboot.
C:\Users\HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Today's 2nd log
Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1000\Software\Microsoft\Internet Explorer\SearchScopes\{83C99C52-1E01-404A-80A8-E3C4E17A1BC1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83C99C52-1E01-404A-80A8-E3C4E17A1BC1}\ not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\Software\Microsoft\Internet Explorer\SearchScopes\{355C7D6E-835D-429C-8B3C-59EADF4A0699}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{355C7D6E-835D-429C-8B3C-59EADF4A0699}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteOnReboot not found.
File C:\Windows\DeleteOnReboot.bat not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\EnableShellExecuteHooks not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\S-1-5-21-3355679170-1113078730-2588767007-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
File move failed. G:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7dce3bbd-a936-11df-ac05-806e6f6e6963}\ not found.
File F:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b72de35a-fea8-11e1-a308-d85b1d1001b5}\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\ProgramData\qbmkdveucimdhah not found.
File\Folder C:\ProgramData\xtqpmqgrarlcurp not found.
File\Folder C:\Users\Familie Engelhorn\AppData\Roaming\kock not found.
File\Folder C:\Users\Familie Engelhorn\AppData\Roaming\Oxuwvy not found.
File\Folder C:\Users\Familie Engelhorn\AppData\Roaming\UAs not found.
File\Folder C:\Users\Familie Engelhorn\AppData\Roaming\xmldm not found.
File\Folder C:\Users\HP\AppData\Roaming\kock not found.
File\Folder C:\Users\HP\AppData\Roaming\Oxuwvy not found.
File\Folder C:\Users\HP\AppData\Roaming\UAs not found.
File\Folder C:\Users\HP\AppData\Roaming\xmldm not found.
File\Folder C:\ProgramData\qbmkdveucimdhah not found.
File\Folder C:\Users\All Users\qbmkdveucimdhah not found.
File\Folder C:\Users\Familie Engelhorn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 not found.
File\Folder C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 not found.
File\Folder C:\Users\HP\AppData\Roaming\OpenCandy not found.
File\Folder C:\Users\Familie Engelhorn\AppData\Roaming\OpenCandy not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Familie Engelhorn\Desktop\cmd.bat deleted successfully.
C:\Users\Familie Engelhorn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Familie Engelhorn
->Temp folder emptied: 798183 bytes
->Temporary Internet Files folder emptied: 3217266 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: HP
->Temp folder emptied: 12960 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 4,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.64.0 log created on 09222012_233640

Files\Folders moved on Reboot...
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
File move failed. G:\AUTORUN.INF scheduled to be moved on reboot.
C:\Users\HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 23.09.2012 16:32

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its content into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Feuerwerk 23.09.2012 18:44

Hello cosinus,

Thank you very much for sticking with this and helping me!

Attached is the Kaspersky log:
Code:

19:35:30.0177 5748  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:35:30.0754 5748  ============================================================
19:35:30.0754 5748  Current date / time: 2012/09/23 19:35:30.0754
19:35:30.0754 5748  SystemInfo:
19:35:30.0754 5748 
19:35:30.0754 5748  OS Version: 6.1.7601 ServicePack: 1.0
19:35:30.0754 5748  Product type: Workstation
19:35:30.0754 5748  ComputerName: HP-PC
19:35:30.0754 5748  UserName: HP
19:35:30.0754 5748  Windows directory: C:\Windows
19:35:30.0754 5748  System windows directory: C:\Windows
19:35:30.0754 5748  Running under WOW64
19:35:30.0754 5748  Processor architecture: Intel x64
19:35:30.0754 5748  Number of processors: 4
19:35:30.0754 5748  Page size: 0x1000
19:35:30.0754 5748  Boot type: Normal boot
19:35:30.0754 5748  ============================================================
19:35:31.0456 5748  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:35:31.0472 5748  ============================================================
19:35:31.0472 5748  \Device\Harddisk0\DR0:
19:35:31.0472 5748  MBR partitions:
19:35:31.0472 5748  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:35:31.0472 5748  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38716800
19:35:31.0472 5748  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3877A800, BlocksNum 0x1BD7800
19:35:31.0472 5748  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
19:35:31.0472 5748  ============================================================
19:35:31.0488 5748  C: <-> \Device\Harddisk0\DR0\Partition2
19:35:31.0597 5748  D: <-> \Device\Harddisk0\DR0\Partition3
19:35:31.0659 5748  E: <-> \Device\Harddisk0\DR0\Partition4
19:35:31.0659 5748  ============================================================
19:35:31.0659 5748  Initialize success
19:35:31.0659 5748  ============================================================
19:39:18.0905 1424  ============================================================
19:39:18.0905 1424  Scan started
19:39:18.0905 1424  Mode: Manual; SigCheck; TDLFS;
19:39:18.0905 1424  ============================================================
19:39:20.0356 1424  ================ Scan system memory ========================
19:39:20.0356 1424  System memory - ok
19:39:20.0356 1424  ================ Scan services =============================
19:39:20.0574 1424  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:39:20.0636 1424  1394ohci - ok
19:39:20.0668 1424  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:39:20.0699 1424  ACPI - ok
19:39:20.0746 1424  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
19:39:20.0808 1424  AcpiPmi - ok
19:39:21.0073 1424  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:39:21.0089 1424  AdobeFlashPlayerUpdateSvc - ok
19:39:21.0323 1424  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
19:39:21.0370 1424  adp94xx - ok
19:39:21.0463 1424  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
19:39:21.0479 1424  adpahci - ok
19:39:21.0526 1424  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
19:39:21.0541 1424  adpu320 - ok
19:39:21.0557 1424  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
19:39:21.0728 1424  AeLookupSvc - ok
19:39:21.0806 1424  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
19:39:21.0838 1424  AERTFilters - ok
19:39:21.0900 1424  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
19:39:22.0165 1424  AFD - ok
19:39:22.0259 1424  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
19:39:22.0399 1424  AgereSoftModem - ok
19:39:22.0462 1424  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:39:22.0477 1424  agp440 - ok
19:39:22.0555 1424  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
19:39:22.0633 1424  ALG - ok
19:39:22.0696 1424  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:39:22.0711 1424  aliide - ok
19:39:22.0789 1424  [ B4143CB1DD16AE73C6177C72F33450A6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:39:22.0914 1424  AMD External Events Utility - ok
19:39:22.0930 1424  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:39:22.0945 1424  amdide - ok
19:39:22.0992 1424  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
19:39:23.0054 1424  AmdK8 - ok
19:39:23.0195 1424  [ D1D06810BF7E21F5763EB06CB7E7262B ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
19:39:23.0444 1424  amdkmdag - ok
19:39:23.0522 1424  [ 6BA71D6616B56816E57394D77DD1BB6F ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:39:23.0554 1424  amdkmdap - ok
19:39:23.0569 1424  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:39:23.0616 1424  AmdPPM - ok
19:39:23.0663 1424  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
19:39:23.0694 1424  amdsata - ok
19:39:23.0741 1424  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:39:23.0772 1424  amdsbs - ok
19:39:23.0819 1424  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
19:39:23.0834 1424  amdxata - ok
19:39:23.0990 1424  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:39:24.0022 1424  AntiVirSchedulerService - ok
19:39:24.0100 1424  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:39:24.0115 1424  AntiVirService - ok
19:39:24.0178 1424  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
19:39:24.0380 1424  AppID - ok
19:39:24.0396 1424  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:39:24.0458 1424  AppIDSvc - ok
19:39:24.0505 1424  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
19:39:24.0583 1424  Appinfo - ok
19:39:24.0614 1424  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
19:39:24.0646 1424  arc - ok
19:39:24.0661 1424  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:39:24.0677 1424  arcsas - ok
19:39:24.0724 1424  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:39:24.0833 1424  AsyncMac - ok
19:39:24.0880 1424  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
19:39:24.0880 1424  atapi - ok
19:39:24.0942 1424  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:39:25.0067 1424  athr - ok
19:39:25.0145 1424  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
19:39:25.0207 1424  AtiHdmiService - ok
19:39:25.0285 1424  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:39:25.0410 1424  AudioEndpointBuilder - ok
19:39:25.0426 1424  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:39:25.0472 1424  AudioSrv - ok
19:39:25.0519 1424  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:39:25.0566 1424  avgntflt - ok
19:39:25.0613 1424  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:39:25.0644 1424  avipbb - ok
19:39:25.0691 1424  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:39:25.0706 1424  avkmgr - ok
19:39:25.0753 1424  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:39:25.0862 1424  AxInstSV - ok
19:39:25.0925 1424  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
19:39:26.0003 1424  b06bdrv - ok
19:39:26.0065 1424  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:39:26.0112 1424  b57nd60a - ok
19:39:26.0206 1424  [ DBF43DB0C648DB9101D61041E00DF5C4 ] BBSvc          C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:39:26.0237 1424  BBSvc - ok
19:39:26.0362 1424  [ 35756E37D5FDEE22FBF27090A14FE608 ] BCM43XX        C:\Windows\system32\DRIVERS\bcmwl664.sys
19:39:26.0440 1424  BCM43XX - ok
19:39:26.0486 1424  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:39:26.0564 1424  BDESVC - ok
19:39:26.0580 1424  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:39:26.0658 1424  Beep - ok
19:39:26.0720 1424  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
19:39:26.0798 1424  BFE - ok
19:39:26.0861 1424  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:39:26.0970 1424  BITS - ok
19:39:27.0001 1424  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:39:27.0048 1424  blbdrive - ok
19:39:27.0079 1424  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:39:27.0126 1424  bowser - ok
19:39:27.0157 1424  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:39:27.0204 1424  BrFiltLo - ok
19:39:27.0235 1424  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:39:27.0266 1424  BrFiltUp - ok
19:39:27.0282 1424  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
19:39:27.0313 1424  Browser - ok
19:39:27.0344 1424  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
19:39:27.0407 1424  Brserid - ok
19:39:27.0438 1424  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:39:27.0485 1424  BrSerWdm - ok
19:39:27.0516 1424  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:39:27.0578 1424  BrUsbMdm - ok
19:39:27.0594 1424  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:39:27.0610 1424  BrUsbSer - ok
19:39:27.0703 1424  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
19:39:27.0750 1424  BthEnum - ok
19:39:27.0781 1424  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:39:27.0828 1424  BTHMODEM - ok
19:39:27.0859 1424  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:39:27.0890 1424  BthPan - ok
19:39:27.0922 1424  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
19:39:28.0000 1424  BTHPORT - ok
19:39:34.0442 1424  [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
19:39:34.0474 1424  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
19:39:34.0474 1424  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
19:39:34.0739 1424  [ B6492D01712A22FF3FEA25A999DBD321 ] HPWMISVC        C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
19:39:34.0770 1424  HPWMISVC ( UnsignedFile.Multi.Generic ) - warning
19:39:34.0770 1424  HPWMISVC - detected UnsignedFile.Multi.Generic (1)
19:39:38.0467 1424  [ 47269F0DE1E5089C6F23BC1EC48CFC31 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:39:38.0483 1424  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:39:38.0483 1424  LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:39:49.0481 1424  Serial - ok
19:39:49.0496 1424  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:39:49.0512 1424  sermouse - ok
19:39:49.0543 1424  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:39:49.0590 1424  SessionEnv - ok
19:39:49.0621 1424  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
19:39:49.0668 1424  sffdisk - ok
19:39:49.0684 1424  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:39:49.0715 1424  sffp_mmc - ok
19:39:49.0746 1424  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
19:39:49.0793 1424  sffp_sd - ok
19:39:49.0824 1424  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
19:39:49.0871 1424  sfloppy - ok
19:39:49.0918 1424  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:39:50.0011 1424  SharedAccess - ok
19:39:50.0027 1424  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:39:50.0074 1424  ShellHWDetection - ok
19:39:50.0105 1424  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:39:50.0120 1424  SiSRaid2 - ok
19:39:50.0152 1424  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:39:50.0167 1424  SiSRaid4 - ok
19:39:50.0230 1424  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
19:39:50.0276 1424  Smb - ok
19:39:50.0339 1424  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:39:50.0386 1424  SNMPTRAP - ok
19:39:50.0417 1424  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
19:39:50.0432 1424  spldr - ok
19:39:50.0479 1424  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
19:39:50.0526 1424  Spooler - ok
19:39:50.0635 1424  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:39:50.0713 1424  sppsvc - ok
19:39:50.0744 1424  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
19:39:50.0807 1424  sppuinotify - ok
19:39:50.0822 1424  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
19:39:50.0885 1424  srv - ok
19:39:50.0916 1424  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:39:50.0963 1424  srv2 - ok
19:39:51.0010 1424  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA      C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:39:51.0041 1424  SrvHsfHDA - ok
19:39:51.0103 1424  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92      C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:39:51.0166 1424  SrvHsfV92 - ok
19:39:51.0197 1424  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac    C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:39:51.0244 1424  SrvHsfWinac - ok
19:39:51.0275 1424  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:39:51.0290 1424  srvnet - ok
19:39:51.0337 1424  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
19:39:51.0400 1424  SSDPSRV - ok
19:39:51.0431 1424  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
19:39:51.0462 1424  SstpSvc - ok
19:39:51.0524 1424  [ 78CD64791F8634CF7B582FD085E57C4B ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
19:39:51.0556 1424  ssudmdm - ok
19:39:51.0571 1424  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:39:51.0602 1424  stexstor - ok
19:39:51.0665 1424  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
19:39:51.0712 1424  StillCam - ok
19:39:51.0743 1424  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:39:51.0774 1424  stisvc - ok
19:39:51.0805 1424  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:39:51.0821 1424  swenum - ok
19:39:51.0836 1424  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
19:39:51.0914 1424  swprv - ok
19:39:51.0961 1424  [ CE9B5A79AEE330BC7E88C0441E5727BB ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
19:39:51.0992 1424  SynTP - ok
19:39:52.0070 1424  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
19:39:52.0148 1424  SysMain - ok
19:39:52.0164 1424  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:39:52.0180 1424  TabletInputService - ok
19:39:52.0211 1424  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
19:39:52.0258 1424  TapiSrv - ok
19:39:52.0289 1424  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
19:39:52.0351 1424  TBS - ok
19:39:52.0429 1424  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
19:39:52.0523 1424  Tcpip - ok
19:39:52.0601 1424  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:39:52.0648 1424  TCPIP6 - ok
19:39:52.0679 1424  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:39:52.0741 1424  tcpipreg - ok
19:39:52.0772 1424  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:39:52.0819 1424  TDPIPE - ok
19:39:52.0850 1424  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
19:39:52.0866 1424  TDTCP - ok
19:39:52.0882 1424  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
19:39:52.0944 1424  tdx - ok
19:39:52.0975 1424  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:39:52.0975 1424  TermDD - ok
19:39:53.0006 1424  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
19:39:53.0069 1424  TermService - ok
19:39:53.0100 1424  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:39:53.0147 1424  Themes - ok
19:39:53.0194 1424  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
19:39:53.0240 1424  THREADORDER - ok
19:39:53.0256 1424  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:39:53.0318 1424  TrkWks - ok
19:39:53.0381 1424  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:39:53.0459 1424  TrustedInstaller - ok
19:39:53.0506 1424  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:39:53.0552 1424  tssecsrv - ok
19:39:53.0568 1424  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:39:53.0615 1424  TsUsbFlt - ok
19:39:53.0630 1424  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:39:53.0693 1424  tunnel - ok
19:39:53.0724 1424  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:39:53.0740 1424  uagp35 - ok
19:39:53.0771 1424  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:39:53.0818 1424  udfs - ok
19:39:53.0864 1424  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
19:39:53.0911 1424  UI0Detect - ok
19:39:53.0958 1424  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:39:53.0974 1424  uliagpkx - ok
19:39:54.0036 1424  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
19:39:54.0083 1424  umbus - ok
19:39:54.0114 1424  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:39:54.0161 1424  UmPass - ok
19:39:54.0270 1424  [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:39:54.0348 1424  UNS - ok
19:39:54.0364 1424  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:39:54.0426 1424  upnphost - ok
19:39:54.0442 1424  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
19:39:54.0520 1424  usbccgp - ok
19:39:54.0551 1424  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:39:54.0566 1424  usbcir - ok
19:39:54.0613 1424  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
19:39:54.0644 1424  usbehci - ok
19:39:54.0676 1424  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:39:54.0722 1424  usbhub - ok
19:39:54.0738 1424  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
19:39:54.0769 1424  usbohci - ok
19:39:54.0800 1424  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:39:54.0816 1424  usbprint - ok
19:39:54.0878 1424  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
19:39:54.0910 1424  usbscan - ok
19:39:54.0925 1424  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:39:54.0988 1424  USBSTOR - ok
19:39:55.0003 1424  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
19:39:55.0050 1424  usbuhci - ok
19:39:55.0112 1424  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:39:55.0175 1424  usbvideo - ok
19:39:55.0206 1424  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
19:39:55.0300 1424  UxSms - ok
19:39:55.0315 1424  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:39:55.0315 1424  VaultSvc - ok
19:39:55.0362 1424  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:39:55.0393 1424  vdrvroot - ok
19:39:55.0440 1424  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
19:39:55.0534 1424  vds - ok
19:39:55.0565 1424  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
19:39:55.0596 1424  vga - ok
19:39:55.0612 1424  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
19:39:55.0690 1424  VgaSave - ok
19:39:55.0736 1424  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
19:39:55.0768 1424  vhdmp - ok
19:39:55.0799 1424  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:39:55.0814 1424  viaide - ok
19:39:55.0830 1424  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:39:55.0846 1424  volmgr - ok
19:39:55.0892 1424  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
19:39:55.0924 1424  volmgrx - ok
19:39:55.0970 1424  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
19:39:56.0017 1424  volsnap - ok
19:39:56.0048 1424  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
19:39:56.0064 1424  vsmraid - ok
19:39:56.0126 1424  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
19:39:56.0204 1424  VSS - ok
19:39:56.0236 1424  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:39:56.0282 1424  vwifibus - ok
19:39:56.0314 1424  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:39:56.0329 1424  vwififlt - ok
19:39:56.0376 1424  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
19:39:56.0423 1424  vwifimp - ok
19:39:56.0438 1424  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
19:39:56.0501 1424  W32Time - ok
19:39:56.0532 1424  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:39:56.0563 1424  WacomPen - ok
19:39:56.0626 1424  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:39:56.0688 1424  WANARP - ok
19:39:56.0704 1424  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:39:56.0750 1424  Wanarpv6 - ok
19:39:56.0797 1424  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:39:56.0875 1424  wbengine - ok
19:39:56.0891 1424  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:39:56.0922 1424  WbioSrvc - ok
19:39:56.0969 1424  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
19:39:57.0016 1424  wcncsvc - ok
19:39:57.0047 1424  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:39:57.0078 1424  WcsPlugInService - ok
19:39:57.0094 1424  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:39:57.0109 1424  Wd - ok
19:39:57.0140 1424  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:39:57.0172 1424  Wdf01000 - ok
19:39:57.0187 1424  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:39:57.0296 1424  WdiServiceHost - ok
19:39:57.0296 1424  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
19:39:57.0328 1424  WdiSystemHost - ok
19:39:57.0328 1424  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
19:39:57.0374 1424  WebClient - ok
19:39:57.0406 1424  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:39:57.0484 1424  Wecsvc - ok
19:39:57.0499 1424  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
19:39:57.0546 1424  wercplsupport - ok
19:39:57.0593 1424  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:39:57.0686 1424  WerSvc - ok
19:39:57.0733 1424  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:39:57.0764 1424  WfpLwf - ok
19:39:57.0780 1424  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:39:57.0796 1424  WIMMount - ok
19:39:57.0811 1424  WinDefend - ok
19:39:57.0811 1424  WinHttpAutoProxySvc - ok
19:39:57.0858 1424  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
19:39:57.0905 1424  Winmgmt - ok
19:39:57.0983 1424  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
19:39:58.0139 1424  WinRM - ok
19:39:58.0217 1424  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:39:58.0248 1424  WinUsb - ok
19:39:58.0279 1424  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
19:39:58.0342 1424  Wlansvc - ok
19:39:58.0373 1424  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
19:39:58.0420 1424  WmiAcpi - ok
19:39:58.0451 1424  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:39:58.0482 1424  wmiApSrv - ok
19:39:58.0513 1424  WMPNetworkSvc - ok
19:39:58.0560 1424  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:39:58.0591 1424  WPCSvc - ok
19:39:58.0638 1424  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:39:58.0669 1424  WPDBusEnum - ok
19:39:58.0700 1424  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
19:39:58.0778 1424  ws2ifsl - ok
19:39:58.0825 1424  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:39:58.0872 1424  wscsvc - ok
19:39:58.0888 1424  WSearch - ok
19:39:58.0981 1424  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:39:59.0059 1424  wuauserv - ok
19:39:59.0090 1424  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:39:59.0137 1424  WudfPf - ok
19:39:59.0168 1424  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:39:59.0215 1424  WUDFRd - ok
19:39:59.0215 1424  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
19:39:59.0262 1424  wudfsvc - ok
19:39:59.0293 1424  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
19:39:59.0309 1424  WwanSvc - ok
19:39:59.0356 1424  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7        C:\Windows\system32\DRIVERS\yk62x64.sys
19:39:59.0418 1424  yukonw7 - ok
19:39:59.0434 1424  ================ Scan global ===============================
19:39:59.0465 1424  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:39:59.0512 1424  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:39:59.0527 1424  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:39:59.0574 1424  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:39:59.0605 1424  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:39:59.0605 1424  [Global] - ok
19:39:59.0621 1424  ================ Scan MBR ==================================
19:39:59.0621 1424  [ A3911F2EB860220A219AF130E61E7995 ] \Device\Harddisk0\DR0
19:40:00.0011 1424  \Device\Harddisk0\DR0 - ok
19:40:00.0011 1424  ================ Scan VBR ==================================
19:40:00.0026 1424  [ 6B2A8EEF5D7B151FFE9C76041E6FA968 ] \Device\Harddisk0\DR0\Partition1
19:40:00.0026 1424  \Device\Harddisk0\DR0\Partition1 - ok
19:40:00.0058 1424  [ 60FC34E1C3D8025E3CFBB85568569745 ] \Device\Harddisk0\DR0\Partition2
19:40:00.0058 1424  \Device\Harddisk0\DR0\Partition2 - ok
19:40:00.0089 1424  [ 82B9F327652B39F76DA2EE677AE24ECF ] \Device\Harddisk0\DR0\Partition3
19:40:00.0089 1424  \Device\Harddisk0\DR0\Partition3 - ok
19:40:00.0104 1424  [ 843BE6FF76D8B34DA98522957DA60D8A ] \Device\Harddisk0\DR0\Partition4
19:40:00.0104 1424  \Device\Harddisk0\DR0\Partition4 - ok
19:40:00.0104 1424  ============================================================
19:40:00.0104 1424  Scan finished
19:40:00.0104 1424  ============================================================
19:40:00.0136 2584  Detected object count: 3
19:40:00.0136 2584  Actual detected object count: 3
19:40:24.0581 2584  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:24.0581 2584  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:24.0581 2584  HPWMISVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:24.0581 2584  HPWMISVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:40:24.0581 2584  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:40:24.0581 2584  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 23.09.2012 19:30

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Feuerwerk 24.09.2012 23:05

Hello cosinus,

I have run combofix. It did not want to install the Recovery Console. The log is attached.
Code:

ComboFix 12-09-24.02 - HP 24.09.2012  23:13:07.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3894.2523 [GMT 2:00]
ausgeführt von:: c:\users\Familie Engelhorn\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Familie Engelhorn\AppData\Roaming\chrtmp
c:\users\Public\wz145gev.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-24 bis 2012-09-24  ))))))))))))))))))))))))))))))
.
.
2012-09-24 21:22 . 2012-09-24 21:22        --------        d-----w-        c:\users\HP\AppData\Local\temp
2012-09-24 21:22 . 2012-09-24 21:22        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-22 21:01 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E53FD30A-1088-46C4-84C8-90640AC31524}\mpengine.dll
2012-09-20 21:00 . 2012-09-20 21:00        --------        d-----w-        c:\windows\system32\%LOCALAPPDATA%
2012-09-20 20:59 . 2012-09-20 20:59        --------        d-----w-        C:\_OTL
2012-09-14 22:59 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-14 22:59 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-14 22:59 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-14 20:38 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-14 20:38 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-14 20:37 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-14 20:37 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2012-09-14 19:54 . 2009-06-22 18:01        132608        ----a-w-        c:\windows\system32\drivers\ewusbnet.sys
2012-09-14 19:54 . 2009-06-22 17:38        116992        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys
2012-09-14 19:54 . 2009-06-22 17:26        113792        ----a-w-        c:\windows\system32\drivers\ewusbdev.sys
2012-09-14 19:54 . 2007-08-09 02:10        29696        ----a-w-        c:\windows\system32\drivers\ewdcsc.sys
2012-09-14 19:54 . 2012-09-14 20:21        --------        d-----w-        c:\program files (x86)\Mobile Partner
2012-09-07 19:53 . 2012-09-07 19:53        --------        d-----w-        c:\program files (x86)\ESET
2012-09-07 19:30 . 2012-09-07 19:30        --------        d-----w-        c:\users\Familie Engelhorn\AppData\Roaming\Malwarebytes
2012-09-07 18:37 . 2012-09-07 18:37        --------        d-----w-        c:\users\HP\AppData\Roaming\Malwarebytes
2012-09-07 18:37 . 2012-09-14 20:31        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-07 18:37 . 2012-09-07 18:37        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-07 18:37 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 22:29 . 2012-05-18 17:18        696240        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-22 22:29 . 2011-08-12 19:11        73136        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 23:09 . 2012-08-17 18:35        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-08-17 18:50 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-08-17 18:50 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-07-18 18:15 . 2012-08-15 08:15        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-15 08:25        552960        ----a-w-        c:\windows\system32\drivers\bthport.sys
2012-07-05 20:06 . 2012-08-17 18:54        772544        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2012-08-17 18:54        687544        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-07-04 22:16 . 2012-08-15 08:15        73216        ----a-w-        c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 08:15        59392        ----a-w-        c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 08:15        136704        ----a-w-        c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 08:15        41984        ----a-w-        c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-09 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Familie Engelhorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-12 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 250288]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-12 136176]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-09 295424]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]
S3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-15 183560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 113792]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-03-03 7843040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 09:38        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 22:29]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-12 16:08]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-12 16:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-03 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-03 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-03 410648]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-12 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{C6166ED9-3ECE-4E4B-876A-939B0263DC10}: NameServer = 192.168.178.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-ElsterFormular  ***unknown variable buildnummer*** - g:\programme\uninstall.exe
AddRemove-ElsterFormular für Privatanwender 12.0.0.5880p - g:\programme\Elster 2010\ElsterFormular\uninstall.exe
AddRemove-Mein CEWE FOTOBUCH - g:\programme\CEWE Fotobuch\Mein CEWE FOTOBUCH\uninstall.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-24  23:36:30
ComboFix-quarantined-files.txt  2012-09-24 21:36
.
Vor Suchlauf: 10 Verzeichnis(se), 403.768.197.120 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 403.830.628.352 Bytes frei
.
- - End Of File - - 8DD0C536CB1B970521F0AEAC5829ED09


cosinus 25.09.2012 12:04

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

Feuerwerk 25.09.2012 21:19

Hello cosinus,

phew, that took a little while. But the programs did not crash or anything like that. I only scanned with all three.

Here are the logs:

GMER
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-25 21:34:56
Windows 6.1.7601 Service Pack 1
Running: pqhbf0br.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d5d391                                             
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Linkage@Bind                                                                \Device\{333FB703-6DC1-4AA7-B870-26CBBFEDBD4A}?\Device\{B33810E9-1E1F-48DA-BB17-911FDBE26529}?\Device\{C6166ED9-3ECE-4E4B-876A-939B0263DC10}?\Device\{53C021D9-70D5-46EF-B00E-88225CDC05FA}?
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{333FB703-6DC1-4AA7-B870-26CBBFEDBD4A}@DhcpIPAddress  10.162.157.180
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{333FB703-6DC1-4AA7-B870-26CBBFEDBD4A}@DhcpSubnetMask  255.255.255.255
Reg  HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{333FB703-6DC1-4AA7-B870-26CBBFEDBD4A}@NameServer      193.189.244.225 193.189.244.206
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d5d391 (not active ControlSet)                         

---- EOF - GMER 1.0.15 ----

OSAM
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:51:12 on 25.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"HPWA.cpl" - "Hewlett-Packard" - C:\Windows\system32\HPWA.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{E54729E8-BB3D-4270-9D49-7389EA579090} "EasyBits ShellExecute Hook" - "EasyBits Software Corp." - C:\Windows\SysWow64\EZUPBH~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{888078C6-70B2-4F88-8EE7-1F50DDEA6120} "CeWe Color AG & Co. OHG Control" - "CeWe Color AG & Co. OHG" - C:\Windows\Downloaded Program Files\ImageUploader6.ocx / https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_278.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"HPAdvisorDock" - ? - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
"Easybits Recovery" - "EasyBits Software AS" - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
"Easybits Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezSharedSvcHost.exe  (File not found)
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP Wireless Assistant Service" (HP Wireless Assistant Service) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
"HPWMISVC" (HPWMISVC) - ? - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe  (File found, but it contains no detailed information)
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corp." - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Digital Illusions Software - ss3d.com" - C:\Windows\NEMO'S~1.SCR

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-25 21:53:47
-----------------------------
21:53:47.010    OS Version: Windows x64 6.1.7601 Service Pack 1
21:53:47.010    Number of processors: 4 586 0x2502
21:53:47.010    ComputerName: HP-PC  UserName: HP
21:53:48.602    Initialize success
22:06:50.625    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:06:50.625    Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 3
22:06:50.656    Disk 0 MBR read successfully
22:06:50.656    Disk 0 MBR scan
22:06:50.656    Disk 0 unknown MBR code
22:06:50.672    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
22:06:50.672    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      462381 MB offset 409600
22:06:50.719    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        14255 MB offset 947365888
22:06:50.734    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
22:06:50.781    Disk 0 scanning C:\Windows\system32\drivers
22:07:00.890    Service scanning
22:07:16.568    Modules scanning
22:07:16.583    Disk 0 trace - called modules:
22:07:16.599    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:07:16.599    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d9d060]
22:07:16.615    3 CLASSPNP.SYS[fffff880013b943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f11050]
22:07:16.615    Scan finished successfully
22:12:34.028    Disk 0 MBR has been saved successfully to "C:\Users\Familie Engelhorn\Desktop\MBR.dat"
22:12:34.028    The log file has been saved successfully to "C:\Users\Familie Engelhorn\Desktop\aswMBR_1.txt"


cosinus 26.09.2012 13:51

We should fix the MBR; just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and make a new log with aswMBR.

Feuerwerk 26.09.2012 23:00

Hello cosinus,

the computer contains an invisible partition System (at the far left in Disk Management on disk 0).
Could it be that this partition becomes unusable?

cosinus 27.09.2012 16:05

No, that is just the boot partition of Win7. You mean the little 100MB chunk, right?

Feuerwerk 27.09.2012 21:16

Hello cosinus,

many thanks for the help so far!
I hope we will be done soon.

yes, it is a very small partition, 200MB.

I carried out the Fixmbr. Windows started normally afterwards. All 4 partitions are still there.

Attached is the log directly after the fix (before restart)
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-27 21:36:00
-----------------------------
21:36:00.684    OS Version: Windows x64 6.1.7601 Service Pack 1
21:36:00.684    Number of processors: 4 586 0x2502
21:36:00.684    ComputerName: HP-PC  UserName: HP
21:36:07.580    Initialize success
21:46:52.660    AVAST engine defs: 12092700
21:47:39.318    Verifying
21:47:49.334    Disk 0 Windows 601 MBR fixed successfully
21:49:12.025    Disk 0 MBR has been saved successfully to "C:\Users\Familie Engelhorn\Desktop\MBR.dat"
21:49:12.025    The log file has been saved successfully to "C:\Users\Familie Engelhorn\Desktop\aswMBR _Log nach fixmbr 12-09-27.txt"

And this is the log after the restart. I clicked Scan and then Log. I hope that was what you intended.
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-27 21:53:59
-----------------------------
21:53:59.021    OS Version: Windows x64 6.1.7601 Service Pack 1
21:53:59.021    Number of processors: 4 586 0x2502
21:53:59.021    ComputerName: HP-PC  UserName: HP
21:54:00.815    Initialize success
21:54:10.799    AVAST engine defs: 12092700
21:55:57.461    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:55:57.477    Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 3
21:55:57.492    Disk 0 MBR read successfully
21:55:57.492    Disk 0 MBR scan
21:55:57.523    Disk 0 Windows 7 default MBR code
21:55:57.539    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
21:55:57.555    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      462381 MB offset 409600
21:55:57.586    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        14255 MB offset 947365888
21:55:57.601    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
21:55:57.664    Disk 0 scanning C:\Windows\system32\drivers
21:56:11.189    Service scanning
21:56:36.789    Modules scanning
21:56:36.804    Disk 0 trace - called modules:
21:56:36.820    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:56:36.835    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d9d060]
21:56:36.835    3 CLASSPNP.SYS[fffff88000daf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f3b050]
21:56:41.547    AVAST engine scan C:\Windows
21:57:06.475    AVAST engine scan C:\Windows\system32
22:01:06.856    AVAST engine scan C:\Windows\system32\drivers
22:01:29.882    AVAST engine scan C:\Users\HP
22:01:54.093    AVAST engine scan C:\ProgramData
22:04:14.603    Scan finished successfully
22:07:00.057    Disk 0 MBR has been saved successfully to "C:\Users\Familie Engelhorn\Desktop\MBR.dat"
22:07:00.057    The log file has been saved successfully to "C:\Users\Familie Engelhorn\Desktop\aswMBR _Log nACH.txt"
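
An added example, not part of the original posts: the partition lines in the aswMBR log above are read from the partition table in sector 0. The sketch below parses a raw 512-byte dump of that sector and flags the two cases named in the warning before FIXMBR (a Linux dual boot, TrueCrypt system encryption). The sample sector is constructed from the offsets and sizes in the log; the function names and the marker-string heuristic are assumptions of this example.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446          # partition table starts here, 4 entries of 16 bytes
LINUX_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}
# Heuristic (assumption of this example): strings commonly present in the
# boot code area when a non-Windows loader owns the MBR.
BOOT_MARKERS = {b"GRUB": "GRUB boot code",
                b"TrueCrypt Boot Loader": "TrueCrypt boot loader"}


def parse_mbr(data):
    """Return the non-empty partition entries of a raw 512-byte MBR sector."""
    if len(data) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    if data[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = data[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:       # unused slot
            continue
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return parts


def precheck_fixmbr(data):
    """List reasons not to overwrite the boot code with a Windows MBR."""
    warnings = []
    for p in parse_mbr(data):
        if p["type"] in LINUX_TYPES:
            warnings.append("partition %d has type 0x%02X (%s): possible dual boot"
                            % (p["index"], p["type"], LINUX_TYPES[p["type"]]))
    boot_code = data[:440]
    for marker, label in BOOT_MARKERS.items():
        if marker in boot_code:
            warnings.append("%s found in MBR boot code" % label)
    active = sum(1 for p in parse_mbr(data) if p["active"])
    if active != 1:
        warnings.append("%d active partitions, expected exactly 1" % active)
    return warnings


def _entry(status, ptype, lba_start, sectors):
    # CHS fields are left zero; only the LBA fields matter for this check.
    return struct.pack("<B3sB3sII", status, b"\0" * 3, ptype, b"\0" * 3,
                       lba_start, sectors)


def build_sample_mbr(boot_code=b""):
    """Constructed sample: the four partitions as listed in the aswMBR log.

    Sector counts are derived from the logged sizes (MB * 2048 sectors).
    """
    entries = [
        _entry(0x80, 0x07, 2048, 199 * 2048),
        _entry(0x00, 0x07, 409600, 462381 * 2048),
        _entry(0x00, 0x07, 947365888, 14255 * 2048),
        _entry(0x00, 0x0C, 976560128, 103 * 2048),
    ]
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, e in enumerate(entries):
        sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)] = e
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    sample = build_sample_mbr()
    for p in parse_mbr(sample):
        print("Partition %(index)d active=%(active)s type=%(type)02X "
              "%(size_mb)d MB offset %(lba_start)d" % p)
    print("warnings:", precheck_fixmbr(sample) or "none")
```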


cosinus 27.09.2012 21:21

Looks OK. We should be almost through. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Feuerwerk 28.09.2012 23:47

Hello cosinus,

that would be great. I have run both scans:

Superantispyware:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/28/2012 at 03:08 AM

Application Version : 5.5.1022

Core Rules Database Version : 9305
Trace Rules Database Version: 7117

Scan type      : Complete Scan
Total Scan Time : 02:11:21

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 814
Memory threats detected  : 0
Registry items scanned    : 71295
Registry threats detected : 0
File items scanned        : 237240
File threats detected    : 377

Adware.Tracking Cookie
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y89EED5O.txt [ Cookie:familie engelhorn@www.alphaporno.com/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\VHTR60I3.txt [ Cookie:familie engelhorn@www.googleadservices.com/pagead/conversion/1041276112/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\QI12PN4J.txt [ Cookie:familie engelhorn@www.stats.casio.de/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KVUI6K8L.txt [ Cookie:familie engelhorn@alotporn.com/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3KCQ4BI9.txt [ Cookie:familie engelhorn@www.googleadservices.com/pagead/conversion/1037021889/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\A5OHBCVW.txt [ Cookie:familie engelhorn@www.pornrabbit.com/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\9MCOIQ63.txt [ Cookie:familie engelhorn@ad.dyntracker.de/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\YNK66Y72.txt [ Cookie:familie engelhorn@teenyparade.com/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\X7WR4D4L.txt [ Cookie:familie engelhorn@www.googleadservices.com/pagead/conversion/1066862399/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\6S1HJL3J.txt [ Cookie:familie engelhorn@yieldmanager.net/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\3JFBUGUS.txt [ Cookie:familie engelhorn@c.atdmt.com/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\OCOTXRER.txt [ Cookie:familie engelhorn@pornoeye.com/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\IRUZHM65.txt [ Cookie:familie engelhorn@track.gridlockparadise.com/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\A111NFOV.txt [ Cookie:familie engelhorn@2o7.net/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\17WRV53P.txt [ Cookie:familie engelhorn@gostats.de/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\PIAL0QEZ.txt [ Cookie:familie engelhorn@www.gaypornofilme.com/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\HG0W419U.txt [ Cookie:familie engelhorn@www.googleadservices.com/pagead/conversion/1071895527/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\KGDYW9OM.txt [ Cookie:familie engelhorn@www.googleadservices.com/pagead/conversion/1030230369/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\1A8I9I9B.txt [ Cookie:familie engelhorn@delivery.trafficbroker.com/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZI3KH5RJ.txt [ Cookie:familie engelhorn@www.googleadservices.com/pagead/conversion/1036059906/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\NKLHQ81D.txt [ Cookie:familie engelhorn@www.hardsextube.com/ ]
        C:\USERS\FAMILIE ENGELHORN\AppData\Roaming\Microsoft\Windows\Cookies\Low\DB79PGD6.txt [ Cookie:familie engelhorn@dev.hardsextube.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\4L6X9XG9.txt [ Cookie:familie engelhorn@deutschporno.eu/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\AIGTHJS4.txt [ Cookie:familie engelhorn@www.momisnaked.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\4ADJSDCX.txt [ Cookie:familie engelhorn@ad3.adfarm1.adition.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\UECXMHJA.txt [ Cookie:familie engelhorn@ad1.adfarm1.adition.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\ESYE8COU.txt [ Cookie:familie engelhorn@server.adformdsp.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\JCI5TG6T.txt [ Cookie:familie engelhorn@adxpansion.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\EN7PUL14.txt [ Cookie:familie engelhorn@ad.yieldmanager.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\YPD6GRR9.txt [ Cookie:familie engelhorn@ad.adnet.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\91Q3KPYX.txt [ Cookie:familie engelhorn@track.adform.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\1J5129XH.txt [ Cookie:familie engelhorn@pornodoktor.info/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\3TG041K4.txt [ Cookie:familie engelhorn@serving-sys.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\FVQNU7YZ.txt [ Cookie:familie engelhorn@www.geficktporno.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\B194N9DC.txt [ Cookie:familie engelhorn@adtech.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\HQMADYMU.txt [ Cookie:familie engelhorn@www.zanox-affiliate.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\6F33VRMB.txt [ Cookie:familie engelhorn@www.gaypornofilme.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\UC624TSF.txt [ Cookie:familie engelhorn@amazon-adsystem.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\UGWZBNLI.txt [ Cookie:familie engelhorn@insightexpressai.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\4JBZF8F8.txt [ Cookie:familie engelhorn@smartadserver.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\JYT303Y8.txt [ Cookie:familie engelhorn@youpornos.info/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\C9DFWGJP.txt [ Cookie:familie engelhorn@adultfriendfinder.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\WKR9LWVV.txt [ Cookie:familie engelhorn@ww251.smartadserver.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\XNIV3S6B.txt [ Cookie:familie engelhorn@deutsche-pornos.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\8FGAX08Q.txt [ Cookie:familie engelhorn@gpornofilme.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\9CVTDRZ8.txt [ Cookie:familie engelhorn@feuchtetube.com/pornos/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\SIRCBZW7.txt [ Cookie:familie engelhorn@xhamster-porno.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\AXZJ1DNZ.txt [ Cookie:familie engelhorn@mediaplex.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\7EJ2DWHK.txt [ Cookie:familie engelhorn@ad2.adfarm1.adition.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\SZSSG0SM.txt [ Cookie:familie engelhorn@www.usenext.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\PIP3J2FH.txt [ Cookie:familie engelhorn@pornlist.tv/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\0XZ9UOKW.txt [ Cookie:familie engelhorn@www.realgfporn.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\W6GLQH73.txt [ Cookie:familie engelhorn@tradedoubler.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\EYIYYS3A.txt [ Cookie:familie engelhorn@a.revenuemax.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\YQ80PWQA.txt [ Cookie:familie engelhorn@fuckedtime.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\6LLJPHEZ.txt [ Cookie:familie engelhorn@www.germanypornos.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\5SBB5NVB.txt [ Cookie:familie engelhorn@tomtailor.dyntracker.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\XP0YBFOO.txt [ Cookie:familie engelhorn@tracking.quisma.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\VFCM1G26.txt [ Cookie:familie engelhorn@ad.zanox.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\GV25ZVBI.txt [ Cookie:familie engelhorn@sexfilmchen.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\2QYQ8WFR.txt [ Cookie:familie engelhorn@server.adform.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\C3LBKEOX.txt [ Cookie:familie engelhorn@ad4.adfarm1.adition.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\MY3FN0HH.txt [ Cookie:familie engelhorn@traffictrack.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\OQY023QG.txt [ Cookie:familie engelhorn@fastclick.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\ZBUYCGOR.txt [ Cookie:familie engelhorn@toplist.eu/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\WHZDGQD2.txt [ Cookie:familie engelhorn@zanox-affiliate.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\4R2IX8JI.txt [ Cookie:familie engelhorn@pornokantine.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\82IUCA52.txt [ Cookie:familie engelhorn@adbrite.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\714U996E.txt [ Cookie:familie engelhorn@www.deutschporno.eu/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\QCXA2L59.txt [ Cookie:familie engelhorn@welcome.hp.com/country/de/de/cs/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\0GZP4H4Q.txt [ Cookie:familie engelhorn@doubleclick.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\N0ZI2SU8.txt [ Cookie:familie engelhorn@yadro.ru/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\C6DQP5OE.txt [ Cookie:familie engelhorn@www.freesexnavigator.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\6RQDFFSD.txt [ Cookie:familie engelhorn@de.sitestat.com/br/br/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\043AD22E.txt [ Cookie:familie engelhorn@porno-deutsch.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\7SAASGYJ.txt [ Cookie:familie engelhorn@deutsch-porno.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\GHWFNQ9Q.txt [ Cookie:familie engelhorn@msnportal.112.2o7.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\DTX3ATPM.txt [ Cookie:familie engelhorn@bs.serving-sys.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\Y9U9H6NA.txt [ Cookie:familie engelhorn@statcounter.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\QF0S7DKL.txt [ Cookie:familie engelhorn@kontera.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\2RQAQ52W.txt [ Cookie:familie engelhorn@specificclick.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\Y4EEVHTQ.txt [ Cookie:familie engelhorn@imrworldwide.com/cgi-bin ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\YNWP09GT.txt [ Cookie:familie engelhorn@track.effiliation.com/servlet/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\SV4QS1JW.txt [ Cookie:familie engelhorn@www.deutsch-porno.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\27NA0WZK.txt [ Cookie:familie engelhorn@wlw.122.2o7.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\U4G53D78.txt [ Cookie:familie engelhorn@www.pornme.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\2JXUKQ4P.txt [ Cookie:familie engelhorn@ru4.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\RP1DWKCP.txt [ Cookie:familie engelhorn@questionmarket.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\0RGTZM6G.txt [ Cookie:familie engelhorn@adform.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\O1CMASLZ.txt [ Cookie:familie engelhorn@ad.dyntracker.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\MKVQ9URS.txt [ Cookie:familie engelhorn@adformdsp.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\IGT4L54D.txt [ Cookie:familie engelhorn@lfstmedia.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\0RSTM4ZR.txt [ Cookie:familie engelhorn@lucidmedia.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\G8BIVRHU.txt [ Cookie:familie engelhorn@tracking.mindshare.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\Z72CSTIL.txt [ Cookie:familie engelhorn@c.atdmt.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\XKTW6LBH.txt [ Cookie:familie engelhorn@toplist.sk/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\MA97NJVJ.txt [ Cookie:familie engelhorn@www.gpornofilme.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\G2OS8HH2.txt [ Cookie:familie engelhorn@tribalfusion.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\M4U7EIXP.txt [ Cookie:familie engelhorn@www.bangbrosteenporn.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\8Z1M3Z7F.txt [ Cookie:familie engelhorn@www.pornlist.tv/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\LD15PH2K.txt [ Cookie:familie engelhorn@cashforyoursextape.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\XYIIMYBF.txt [ Cookie:familie engelhorn@2o7.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\PYMHRLO8.txt [ Cookie:familie engelhorn@eas4.emediate.eu/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\FC7WWIZ1.txt [ Cookie:familie engelhorn@www.googleadservices.com/pagead/conversion/966276644/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\OZKJ2WH0.txt [ Cookie:familie engelhorn@histats.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\C7A1FU0Z.txt [ Cookie:familie engelhorn@www.googleadservices.com/pagead/conversion/1059070878/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\Z1P7MIQ0.txt [ Cookie:familie engelhorn@casalemedia.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\F1VTHAHC.txt [ Cookie:familie engelhorn@gaypornofilme.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\UEWYGUSY.txt [ Cookie:familie engelhorn@thehun-porno.info/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\KCKAZYWO.txt [ Cookie:familie engelhorn@rachesex.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\UVI4EMLN.txt [ Cookie:familie engelhorn@media.gan-online.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\LE47ETLR.txt [ Cookie:familie engelhorn@www.deutschsexvideo.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\WYOLANBO.txt [ Cookie:familie engelhorn@xvideos-porno.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\61TG6043.txt [ Cookie:familie engelhorn@ad-emea.doubleclick.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\ZYQV41AZ.txt [ Cookie:familie engelhorn@www.googleadservices.com/pagead/conversion/1007531228/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\33IYFQ35.txt [ Cookie:familie engelhorn@adx.chip.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\HTZG0H43.txt [ Cookie:familie engelhorn@de.sitestat.com/edeka/edeka-test/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\Y4YBLQ3A.txt [ Cookie:familie engelhorn@fucktapes.org/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\C5BL2530.txt [ Cookie:familie engelhorn@www.fuckedtime.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\X6YPO6DA.txt [ Cookie:familie engelhorn@adxpose.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\V3QCOAFW.txt [ Cookie:familie engelhorn@www.realitykingsteenporn.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\N316JKX4.txt [ Cookie:familie engelhorn@unister-adservices.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\6RSWL5Z5.txt [ Cookie:familie engelhorn@www.rachesex.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\CLB7513Y.txt [ Cookie:familie engelhorn@www.deutsche-pornos.in/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\NUXNI0UK.txt [ Cookie:familie engelhorn@realgfporn.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\VUQVGJ14.txt [ Cookie:familie engelhorn@deutschpornofilme.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\2S0HM22W.txt [ Cookie:familie engelhorn@www.pornwave.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\TOSUOB8N.txt [ Cookie:familie engelhorn@realitykingsteenporn.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\GOZM8X7C.txt [ Cookie:familie engelhorn@tracker.vinsight.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\3RCQB51F.txt [ Cookie:familie engelhorn@momisnaked.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\OWR1283R.txt [ Cookie:familie engelhorn@www.8teenxxx.com/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\8NZSHKYD.txt [ Cookie:familie engelhorn@im.banner.t-online.de/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\D4N200AZ.txt [ Cookie:familie engelhorn@loyaltypartner.122.2o7.net/ ]
        C:\USERS\FAMILIE ENGELHORN\Cookies\6T6SK21T.txt [ Cookie:familie engelhorn@www.fpctraffic.com/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\SEU09TO1.txt [ Cookie:hp@atdmt.com/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@int.sitestat[1].txt [ Cookie:hp@int.sitestat.com/brother/brother-eu/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@int.sitestat[3].txt [ Cookie:hp@int.sitestat.com/brother/brother-de/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@int.sitestat[2].txt [ Cookie:hp@int.sitestat.com/brother/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\U2HT4XHF.txt [ Cookie:hp@invitemedia.com/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\N10Z33BZ.txt [ Cookie:hp@ad.zanox.com/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\9KS7G8V7.txt [ Cookie:hp@www.etracker.de/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\77CU0XC5.txt [ Cookie:hp@apmebf.com/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\JWELRFCP.txt [ Cookie:hp@ad.yieldmanager.com/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\5YGFQVV9.txt [ Cookie:hp@revsci.net/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp@studivz.adfarm1.adition[1].txt [ Cookie:hp@studivz.adfarm1.adition.com/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\54FF00CM.txt [ Cookie:hp@tracking.mlsat02.de/tmobile/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\M679TCZK.txt [ Cookie:hp@www.googleadservices.com/pagead/conversion/1059070878/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\MGF1QGN2.txt [ Cookie:hp@doubleclick.net/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\SALLZ2T0.txt [ Cookie:hp@zanox.com/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\X6S7VCRE.txt [ Cookie:hp@c.atdmt.com/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\A6YBUXRY.txt [ Cookie:hp@adfarm1.adition.com/ ]
        C:\USERS\HP\AppData\Roaming\Microsoft\Windows\Cookies\Low\T2B74EUR.txt [ Cookie:hp@ad.adnet.de/ ]
        C:\USERS\HP\Cookies\0C7IMRCC.txt [ Cookie:hp@atdmt.com/ ]
        C:\USERS\HP\Cookies\FNPFUHN1.txt [ Cookie:hp@doubleclick.net/ ]
        C:\USERS\HP\Cookies\YYOPB85D.txt [ Cookie:hp@c.atdmt.com/ ]
        secure-it.imrworldwide.com [ C:\USERS\FAMILIE ENGELHORN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RVUWNZC6 ]

some rather strange cookies ...


And here is Malwarebytes
Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HP :: HP-PC [Administrator]

28.09.2012 20:56:03
mbam-log-2012-09-28 (20-56-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 450148
Laufzeit: 55 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 29.09.2012 00:02

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).


Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; everything else I reject manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system OK again now, or are there any other findings or problems?
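
A blocking hosts file, as recommended in the post above, matches exact hostnames only, which matters when comparing it with the cookie findings of a scan. The following Python example is added here and is not part of the original thread or of any tool named in it; the hosts entries, the log lines (in the `[ Cookie:user@host/path ]` form) and all function names are constructed for illustration.

```python
import re

# Constructed hosts-file content in the usual "address hostname" layout.
SAMPLE_HOSTS = """\
# constructed sample, not the MVPS list
127.0.0.1   localhost
0.0.0.0     ads.tracker.example
0.0.0.0     stats.tracker.example   # inline comment
127.0.0.1   banner.adnet.example
192.0.2.10  intranet.example
"""

# Constructed scan-log lines in the "[ Cookie:user@host/path ]" form.
SAMPLE_LOG = """\
C:\\USERS\\USER\\Cookies\\AAAA1111.txt [ Cookie:user@ads.tracker.example/ ]
C:\\USERS\\USER\\Cookies\\BBBB2222.txt [ Cookie:user@tracker.example/ ]
C:\\USERS\\USER\\Cookies\\CCCC3333.txt [ Cookie:some user@www.shop.example/cart/ ]
C:\\USERS\\USER\\Cookies\\DDDD4444.txt [ Cookie:user@BANNER.adnet.example/ak/ ]
"""

# Addresses that blocking hosts files use to send a name nowhere.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Host part of a cookie finding: everything between "@" and the first "/".
COOKIE_RE = re.compile(r"\[\s*Cookie:[^@\]]*@([^/\s\]]+)")


def parse_blocked_hosts(hosts_text):
    """Return the set of hostnames that the hosts file maps to a sink address."""
    blocked = set()
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue                              # a real mapping, not a block
        for name in fields[1:]:                   # one line may list several names
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked


def cookie_hosts(log_text):
    """Return the sorted, de-duplicated hostnames found in cookie log lines."""
    return sorted({m.group(1).lower() for m in COOKIE_RE.finditer(log_text)})


def classify(log_text, hosts_text):
    """Label each cookie host as blocked, related-entry-only or not-blocked.

    "related-entry-only" means the hosts file lists a parent or child name,
    which does NOT block this host: hosts files have no wildcards.
    """
    blocked = parse_blocked_hosts(hosts_text)
    result = {}
    for host in cookie_hosts(log_text):
        if host in blocked:
            result[host] = "blocked"
        elif any(b.endswith("." + host) or host.endswith("." + b) for b in blocked):
            result[host] = "related-entry-only"
        else:
            result[host] = "not-blocked"
    return result


if __name__ == "__main__":
    for host, status in classify(SAMPLE_LOG, SAMPLE_HOSTS).items():
        print(f"{status:20} {host}")
```

A hosts entry only stops future lookups of that exact name; cookies that are already stored stay on disk until the browser or a cleaner deletes them.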

Feuerwerk 29.09.2012 18:20

Hello cosinus,

I haven't noticed anything unusual. Everything seems to work. I'm using Firefox now :-)

What was the reason the trojan got onto my computer? Do you have any idea?

So far I have been using Avira as my virus scanner. Is it OK, or do you recommend a different one?

Many thanks for your patience and perseverance!

Best regards,
Feuerwerk

cosinus 01.10.2012 12:03

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click "Bereinigung" (CleanUp).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Löschen (Delete).


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are WET +1.