Trojaner-Board - EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden (https://www.trojaner-board.de/123880-exp-2012-4681-j-1-avira-binnen-20-minuten-zweimal-gefunden.html)

EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden

Hallo,

heute Morgen hat mir Avira Free Antivirus binnen 20 Minuten zweimal EXP/2012-4681.J.1 gefunden. Einmal gefunden in C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 sowie in C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20. Nach Bekanntwerden der Sicherheitslücke wurde von mir Java Update 7 installiert. Inzwischen habe ich Java deaktiviert, wie von euch empfohlen, da das Patch die eine Lücke schließt, eine weitere aber öffnet. Avira hat beide Funde in Quarantäne verbannt. Seitdem erstmal keine weiteren Funde. Malwarebytes Anti-Malware ist ohne Fund. Defogger hat keine Fehlermeldung angezeigt. OLT hat folgende olt.txt und extras.txt generiert:

OTL Logfile:

Code:

OTL logfile created on: 11.09.2012 09:02:27 - Run 1

OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Dennis\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 51,84% Memory free

7,50 Gb Paging File | 5,51 Gb Available in Paging File | 73,49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,66 Gb Total Space | 427,27 Gb Free Space | 91,76% Space Free | Partition Type: NTFS

Drive E: | 149,05 Gb Total Space | 137,52 Gb Free Space | 92,27% Space Free | Partition Type: NTFS

Drive F: | 37,31 Gb Total Space | 26,59 Gb Free Space | 71,26% Space Free | Partition Type: NTFS

 

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.11 09:02:14 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Downloads\OTL.exe

PRC - [2012.09.11 07:28:54 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\Dennis\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001

PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.09.07 09:56:18 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012.08.23 07:12:33 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

PRC - [2012.08.08 11:44:45 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.07.11 12:21:56 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe

PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.09.30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

PRC - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

PRC - [2010.09.15 10:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe

PRC - [2009.07.08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe

PRC - [2009.05.04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe

PRC - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.09.11 07:28:54 | 000,697,884 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~df394b.tmp

MOD - [2012.09.11 07:28:54 | 000,592,896 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~de6248.tmp

MOD - [2012.09.07 09:56:18 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012.08.23 07:12:33 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

MOD - [2012.07.17 09:55:05 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll

MOD - [2012.07.17 09:31:07 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll

MOD - [2012.07.17 09:30:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012.07.17 09:30:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012.07.17 09:30:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012.07.17 09:30:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012.07.17 09:30:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012.07.17 09:30:14 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

MOD - [2009.04.20 11:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.09.07 09:56:18 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.08.23 07:12:33 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.11 12:23:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2012.07.11 12:22:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2012.07.11 12:21:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)

SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.07.13 09:18:50 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)

DRV:64bit: - [2012.07.11 12:20:07 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)

DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2010.06.11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)

DRV:64bit: - [2009.09.17 13:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=hp&babsrc=lnkry_nt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 3A 1B 85 46 5F CD 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"

FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.de"

FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8

FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:3.6.2

FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2

FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10

FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3

FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34

FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q="

FF - prefs.js..network.proxy.type: 1

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 09:56:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 09:56:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.07.11 12:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions

[2012.08.30 13:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions

[2012.08.30 13:34:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012.07.16 12:15:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.08.04 16:27:06 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\ALone-live@ya.ru

[2012.08.06 11:48:38 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\foxyproxy@eric.h.jung

[2012.07.16 12:17:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\ich@maltegoetz.de

[2012.07.25 08:59:00 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\tu0p1fla.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.07.21 23:40:27 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\tu0p1fla.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

[2012.07.18 07:44:13 | 000,002,474 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\tu0p1fla.default\searchplugins\Web Search.xml

[2012.09.07 09:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.09.07 09:56:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012.09.07 09:56:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2012.09.07 09:56:18 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.07.11 12:37:00 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012.08.29 20:13:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)

O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKCU..\Run: [ASRockIES]  File not found

O4 - HKCU..\Run: [ASRockOCTuner]  File not found

O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)

O4 - HKCU..\Run: [zASRockInstantBoot]  File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.7.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3027210-D3A2-4D43-B8E8-ECF87CBA31D4}: DhcpNameServer = 192.168.178.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.11 07:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.09.11 07:52:16 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes

[2012.09.11 07:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.11 07:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.09.11 07:52:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.09.11 07:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.09.07 09:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.08.31 10:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.08.24 10:58:34 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\30-6-06-31-12-11

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.11 09:01:49 | 000,000,000 | ---- | M] () -- C:\Users\Dennis\defogger_reenable

[2012.09.11 08:31:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.09.11 07:52:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.11 07:36:01 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.09.11 07:36:01 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.09.11 07:33:29 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.09.11 07:33:29 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.09.11 07:33:29 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.09.11 07:33:29 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.09.11 07:33:29 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.09.11 07:28:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.09.11 07:28:36 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys

[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.09.06 14:06:18 | 000,207,569 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel

[2012.09.05 11:55:20 | 000,010,996 | ---- | M] () -- C:\Users\Dennis\Documents\DieZEITKündigung.odt

[2012.09.03 16:41:51 | 000,000,206 | ---- | M] () -- C:\Users\Dennis\Documents\cc_20120903_164133.reg

[2012.08.26 16:54:49 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.08.22 17:09:40 | 004,147,334 | ---- | M] () -- C:\Users\Dennis\Desktop\30-6-06-31-12-11.rar

[2012.08.16 16:33:58 | 000,001,186 | ---- | M] () -- C:\Users\Dennis\Documents\cc_20120816_163355.reg

[2012.08.15 14:58:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012.08.15 10:24:02 | 000,304,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.08.14 14:12:30 | 000,010,783 | ---- | M] () -- C:\Users\Dennis\Desktop\Anlagespiegel2011.pdf

[2012.08.14 14:11:52 | 000,008,881 | ---- | M] () -- C:\Users\Dennis\Desktop\Anlagespiegel2010.pdf

[2012.08.14 12:48:29 | 000,269,271 | ---- | M] () -- C:\Users\Dennis\Desktop\Abschreibungen.jpg

[2012.08.14 12:33:28 | 000,011,664 | ---- | M] () -- C:\Users\Dennis\Desktop\E-Ü2011Wolter.pdf

[2012.08.14 11:27:09 | 000,006,659 | ---- | M] () -- C:\Users\Dennis\Desktop\BWA2011Wolter.pdf

[2012.08.14 11:23:55 | 000,021,980 | ---- | M] () -- C:\Users\Dennis\Desktop\SummenundSaldenlisteWolter.pdf

[2012.08.14 11:20:49 | 002,609,028 | ---- | M] () -- C:\Users\Dennis\Desktop\KontenausdruckSachkontenWolter.pdf

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.11 09:01:49 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\defogger_reenable

[2012.09.11 07:52:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.06 14:06:18 | 000,207,569 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel

[2012.09.05 11:55:18 | 000,010,996 | ---- | C] () -- C:\Users\Dennis\Documents\DieZEITKündigung.odt

[2012.09.03 16:41:45 | 000,000,206 | ---- | C] () -- C:\Users\Dennis\Documents\cc_20120903_164133.reg

[2012.08.22 17:09:35 | 004,147,334 | ---- | C] () -- C:\Users\Dennis\Desktop\30-6-06-31-12-11.rar

[2012.08.16 16:33:57 | 000,001,186 | ---- | C] () -- C:\Users\Dennis\Documents\cc_20120816_163355.reg

[2012.08.15 14:58:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012.08.14 14:12:30 | 000,010,783 | ---- | C] () -- C:\Users\Dennis\Desktop\Anlagespiegel2011.pdf

[2012.08.14 14:11:51 | 000,008,881 | ---- | C] () -- C:\Users\Dennis\Desktop\Anlagespiegel2010.pdf

[2012.08.14 12:48:28 | 000,269,271 | ---- | C] () -- C:\Users\Dennis\Desktop\Abschreibungen.jpg

[2012.08.14 12:33:27 | 000,011,664 | ---- | C] () -- C:\Users\Dennis\Desktop\E-Ü2011Wolter.pdf

[2012.08.14 11:27:07 | 000,006,659 | ---- | C] () -- C:\Users\Dennis\Desktop\BWA2011Wolter.pdf

[2012.08.14 11:23:53 | 000,021,980 | ---- | C] () -- C:\Users\Dennis\Desktop\SummenundSaldenlisteWolter.pdf

[2012.08.14 11:19:55 | 002,609,028 | ---- | C] () -- C:\Users\Dennis\Desktop\KontenausdruckSachkontenWolter.pdf

[2012.07.12 16:39:33 | 000,012,772 | ---- | C] () -- C:\Users\Dennis\AppData\Local\recently-used.xbel

[2012.07.12 16:33:59 | 000,000,051 | ---- | C] () -- C:\Users\Dennis\.gtk-bookmarks

[2012.07.12 08:36:46 | 000,018,927 | ---- | C] () -- C:\Users\Dennis\Wettergebnisse.ods

[2012.07.11 15:26:12 | 000,339,456 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll

[2012.07.11 12:24:18 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini

[2012.07.11 12:24:18 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini

[2012.07.11 12:24:18 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini

[2012.07.11 12:23:57 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012.07.11 12:23:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011.05.13 10:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll

[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll

[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll

[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll

 
 ========== LOP Check ==========

 

[2012.07.11 15:24:43 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AbeBooks

[2012.07.11 12:36:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon

[2012.09.11 09:00:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BayWotch4

[2012.07.12 08:40:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DeviceVm

[2012.07.16 12:44:24 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoft

[2012.07.16 12:15:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.07.11 17:02:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EPSON

[2012.09.06 18:50:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FileZilla

[2012.09.06 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0

[2012.08.06 11:14:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\JonDo

[2012.07.17 15:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Lexware

[2012.07.17 22:44:28 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenCandy

[2012.07.11 16:39:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org

[2012.08.26 16:28:32 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

Extras.txt

OTL Logfile:

Code:

OTL Extras logfile created on: 11.09.2012 09:02:27 - Run 1

OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Dennis\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 51,84% Memory free

7,50 Gb Paging File | 5,51 Gb Available in Paging File | 73,49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,66 Gb Total Space | 427,27 Gb Free Space | 91,76% Space Free | Partition Type: NTFS

Drive E: | 149,05 Gb Total Space | 137,52 Gb Free Space | 92,27% Space Free | Partition Type: NTFS

Drive F: | 37,31 Gb Total Space | 26,59 Gb Free Space | 71,26% Space Free | Partition Type: NTFS

 

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02B1189D-3978-4F15-91DE-B7DAB67DA423}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{112F0011-C15E-4974-871A-F93458C5FEB2}" = rport=445 | protocol=6 | dir=out | app=system | 

"{1AFA8785-70BF-4E4A-A024-6E21B47EBB46}" = rport=139 | protocol=6 | dir=out | app=system | 

"{299F4D7B-33E0-4C99-A65A-2C842FCED951}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{2AE6545E-5A42-4FA4-B4D0-35BC62B3C1E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{2DF64AA4-6355-477E-B8C0-D87DF92F6F55}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{2FE8C3B7-C365-497E-8F7F-DFFA69A83EED}" = lport=139 | protocol=6 | dir=in | app=system | 

"{335C4A70-4810-4C32-BB60-51C5584F560C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{381A55A4-F720-419F-B0FA-805ADB5D14D5}" = lport=137 | protocol=17 | dir=in | app=system | 

"{3A526173-7BBA-465B-8959-EFA6A0FBA6E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4DEF1656-E77A-4E0C-A01E-EC5D81D78084}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{52BD8497-D93E-4D73-999F-7F0EE688EEE7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{63F8A6C4-6327-48DD-806B-9081991BDB43}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{64494704-7B85-4C4D-ADA2-DA14F688703B}" = lport=138 | protocol=17 | dir=in | app=system | 

"{6C2F4DA8-E950-4F58-924C-E97767F8D4B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{6C3A6AD2-BE02-4AF6-A731-DC9B9C1FCC31}" = rport=138 | protocol=17 | dir=out | app=system | 

"{78168426-D485-4794-8227-3ABDBEFA9380}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{7AA47D3C-A842-4BDF-91F2-98D7B069DCD1}" = lport=445 | protocol=6 | dir=in | app=system | 

"{7CB7E00D-3799-4004-B880-7086380D8935}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{896A18B2-AA00-4889-BEC5-B36F142B525A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{A27BF488-5D0E-4E61-BF7B-87D45BD63BA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{BAFBA56A-DB00-4B8B-BBCC-A94D332A4E84}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{BB73AB4F-0F09-43FD-8683-7473CA0F96F6}" = rport=137 | protocol=17 | dir=out | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{097292A4-F9F3-4710-8B41-0DF7F5CC5122}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{296AF6F5-8FC0-4BB0-8113-D9CC125E0E60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{3313D4EB-E062-4E1A-A6F6-C30D3407D629}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{37D60920-3053-44CF-A0C0-FB4734E74A74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4AB077A2-F459-4FE4-8EE0-A76826C18F9D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{6554F6D3-087F-4851-B6ED-F1DCFB1944A0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{67C61171-C600-48DD-ABCD-BCA70E8B8EFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{7229006A-F18A-425A-A243-C890969A95B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{93ECE110-DB02-4028-99C9-738BAADEFA01}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{A17726FA-F46D-4C39-AE27-DAB50134D2AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{AB061C08-B869-4F97-A8B6-1EE559A721DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{B1F4CE40-27E5-421F-819C-AA11B5E18D4E}" = protocol=6 | dir=out | app=system | 

"{BA318F39-26A1-4614-BFF4-81941FECDC32}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C8C786BB-0981-48BB-9F6B-548BFEF467D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{DDADD0F5-020B-4AF6-9BEF-638C8EC94576}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{F2E8172A-FEBD-4262-9505-B6FBB2B6F90C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{F350B5CE-7225-4739-BE71-F99C0D8295E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{F52A52C3-07B9-4A3B-A656-8154ABC6AA56}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{FA07AE71-7C1D-49DF-ADA5-2946565E785C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"TCP Query User{CE40BD36-F9C4-42D8-B133-E8756D5D7C65}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 

"UDP Query User{823E98E0-B15C-41CD-BDF7-CDC48D91B275}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"ASRock App Charger_is1" = ASRock App Charger v1.0.4

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{09359BE4-C819-485F-AEF8-DCD4D1CBBFC5}" = HomeBase 3

"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 34

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}" = Lexware buchhalter 2011

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7A70FCC4-E09F-45CE-ADB5-C208CEBF0A82}" = Servicepack Datumsaktualisierung

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch

"{C8E00BC8-D619-4081-813A-6B5BCC846534}" = Lexware Elster

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"ASRock IES_is1" = ASRock IES v2.0.80

"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24

"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.87

"Avira AntiVir Desktop" = Avira Free Antivirus

"baywotch4_is1" = BayWotch v4.2.15

"EPSON Scanner" = EPSON Scan

"ESET Online Scanner" = ESET Online Scanner v3

"Extended Clipboard_is1" = Extended Clipboard v. Extended Clipboard v. 1.4.24

"FileZilla Client" = FileZilla Client 3.5.3

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706

"HomeBase 2.3" = HomeBase 2.3

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400

"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"SopCast" = SopCast 3.5.0

"WinGimp-2.0_is1" = GIMP 2.6.11

"XFastUsb" = XFastUsb

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 7040

Description = 

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 7042

Description = 

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 9002

Description = 

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3029

Description = 

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3029

Description = 

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3028

Description = 

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3058

Description = 

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 7010

Description = 

 

Error - 11.09.2012 01:57:37 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Dennis\Downloads\esetsmartinstaller_deu.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 11.09.2012 01:57:41 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Dennis\Downloads\esetsmartinstaller_deu.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

[ System Events ]

Error - 09.09.2012 02:37:29 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits

 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:

 Neustart des Diensts.

 

Error - 09.09.2012 12:27:35 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%-1073473535.

 

Error - 09.09.2012 12:27:35 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits

 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:

 Neustart des Diensts.

 

Error - 10.09.2012 01:46:07 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%-1073473535.

 

Error - 10.09.2012 01:46:07 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits

 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:

 Neustart des Diensts.

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%-1073473535.

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits

 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:

 Neustart des Diensts.

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Windows Search erreicht.

 

Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

 

< End of report >

--- --- ---

Zitat:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dennis :: DENNIS-PC [Administrator]

Schutz: Aktiviert

11.09.2012 07:53:13
mbam-log-2012-09-11 (07-53-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 451564
Laufzeit: 2 Stunde(n), 44 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Vor einigen Tagen rief ich die Seite antiquariatsrecht.de aus beruflichen Gründen auf. Bisher war diese von Anwälten betriebene Seite sicher. Jetzt wird sie von Google wegen Verbreitung von Malware vorläufig gesperrt. Ob ein Zusammenhang besteht, kann ich nicht beurteilen.

Vielen Dank bereits für die Hilfe und liebe Grüße

Dennis

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Bitte auch ESET ausführen, danach sehen wir weiter!

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button http://larusso.trojaner-board.de/Images/eset.jpg (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Hacken bei Yes, i accept the Terms of Use.
Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher, dass bei Remove Found Threads kein Haken gesetzt ist.
http://img707.imageshack.us/img707/687/starteg.jpg drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke http://billy-oneal.com/Canned%20Spee...istThreats.png.
Klicke http://billy-oneal.com/Canned%20Spee...esetExport.png und speichere das Logfile als ESET.txt auf dem Desktop.
Klicke Back und Finish

Bitte poste die Logfile hier.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Malwarebytes wurde von mir bisher nur einmal ausgeführt. Das Ergebnis habe ich hier veröffentlicht. ESET hatte ich heute morgen nur heruntergeladen, aber nicht ausgeführt. Beim jetzigen Scan wurde nichts gefunden. "No threats found" zeigt er mir an. Die zwei Funde heute morgen habe ich an Avira gesendet und folgende Antworten getrennt für beide Funde bekommen.

Code:

Vielen Dank für Ihre Email an Avira's Virenlabor.

Auftragsnummer: INC01264054.
 

Wir haben folgende Archivdateien empfangen:

Datei ID         Dateiname         Größe (Byte)         Ergebnis

27119438         504f1291c2a90.zip         4.5 KB         OK
 

Eine Auflistung der Dateien und Ergebnisse, die in Archiven enthalten waren, sind im folgenden aufgeführt:

Datei ID         Dateiname         Größe (Byte)         Ergebnis

26970747         MANIFEST.MF         177 Byte         CLEAN

27112846         Alas.class         2.32 KB         MALWARE

27112847         Bil.class         1.33 KB         MALWARE

27112848         Hwes.class         2.09 KB         MALWARE

27112849         Ini.class         2.52 KB         MALWARE
 
 

Genaue Ergebnisse für jede Datei finden sie im folgenden Abschnitt:

Dateiname         Ergebnis

MANIFEST.MF         CLEAN
 

Die Datei 'MANIFEST.MF' wurde als 'CLEAN' eingestuft. Unsere Analytiker haben in dieser Datei keinen Schadcode gefunden.

Dateiname         Ergebnis

Alas.class         MALWARE
 

Die Datei 'Alas.class' wurde als 'MALWARE' eingestuft. Unsere Analytiker haben dieser Bedrohung den Namen Java/Agent.LW gegeben. Bei der Bezeichnung "JAVA/" handelt es sich um eine virulentes Java-Applet oder-Anwendung. Ein Erkennungsmuster wird mit einem der nächsten Updates der Virendefinitionsdatei (VDF) hinzugefügt werden.

Dateiname         Ergebnis

Bil.class         MALWARE
 

Die Datei 'Bil.class' wurde als 'MALWARE' eingestuft. Unsere Analytiker haben dieser Bedrohung den Namen EXP/2012-4681.J.1 gegeben. Bei der Bezeichnung "EXP/" handelt es sich um eine spezielle Erkennung von Sicherheitslücken, welche es einem Angreifer ermöglichen könnte, Zugriff auf das System zu erhalten. Ein Erkennungsmuster ist mit Version der Virendefinitionsdatei (VDF) hinzugefügt.

Dateiname         Ergebnis

Hwes.class         MALWARE
 

Die Datei 'Hwes.class' wurde als 'MALWARE' eingestuft. Unsere Analytiker haben dieser Bedrohung den Namen Java/Agent.LU gegeben. Bei der Bezeichnung "JAVA/" handelt es sich um eine virulentes Java-Applet oder-Anwendung. Ein Erkennungsmuster wird mit einem der nächsten Updates der Virendefinitionsdatei (VDF) hinzugefügt werden.

Dateiname         Ergebnis

Ini.class         MALWARE
 

Die Datei 'Ini.class' wurde als 'MALWARE' eingestuft. Unsere Analytiker haben dieser Bedrohung den Namen Java/Agent.LT gegeben. Bei der Bezeichnung "JAVA/" handelt es sich um eine virulentes Java-Applet oder-Anwendung. Ein Erkennungsmuster wird mit einem der nächsten Updates der Virendefinitionsdatei (VDF) hinzugefügt werden.

sowie

Code:

Vielen Dank für Ihre Email an Avira's Virenlabor.

Auftragsnummer: INC01264053.
 

Wir haben folgende Archivdateien empfangen:

Datei ID         Dateiname         Größe (Byte)         Ergebnis

27119437         504f1283e1b6b.zip         4.34 KB         OK
 

Eine Auflistung der Dateien und Ergebnisse, die in Archiven enthalten waren, sind im folgenden aufgeführt:

Datei ID         Dateiname         Größe (Byte)         Ergebnis

26970747         MANIFEST.MF         177 Byte         CLEAN

27111601         Bil.class         1.33 KB         MALWARE

27111602         Ini.class         2.1 KB         MALWARE

27111056         Jarw.class         2.31 KB         MALWARE

27111603         Yedsa.class         2.11 KB         MALWARE
 
 

Genaue Ergebnisse für jede Datei finden sie im folgenden Abschnitt:

Dateiname         Ergebnis

MANIFEST.MF         CLEAN
 

Die Datei 'MANIFEST.MF' wurde als 'CLEAN' eingestuft. Unsere Analytiker haben in dieser Datei keinen Schadcode gefunden.

Dateiname         Ergebnis

Bil.class         MALWARE
 

Die Datei 'Bil.class' wurde als 'MALWARE' eingestuft. Unsere Analytiker haben dieser Bedrohung den Namen EXP/2012-4681.J.1 gegeben. Bei der Bezeichnung "EXP/" handelt es sich um eine spezielle Erkennung von Sicherheitslücken, welche es einem Angreifer ermöglichen könnte, Zugriff auf das System zu erhalten. Ein Erkennungsmuster ist mit Version 7.11.42.36 der Virendefinitionsdatei (VDF) hinzugefügt.

Dateiname         Ergebnis

Ini.class         MALWARE
 

Die Datei 'Ini.class' wurde als 'MALWARE' eingestuft. Unsere Analytiker haben dieser Bedrohung den Namen EXP/4681.AP gegeben. Bei der Bezeichnung "EXP/" handelt es sich um eine spezielle Erkennung von Sicherheitslücken, welche es einem Angreifer ermöglichen könnte, Zugriff auf das System zu erhalten. Ein Erkennungsmuster ist mit Version 7.11.42.36 der Virendefinitionsdatei (VDF) hinzugefügt.

Dateiname         Ergebnis

Jarw.class         MALWARE
 

Die Datei 'Jarw.class' wurde als 'MALWARE' eingestuft. Unsere Analytiker haben dieser Bedrohung den Namen Java/Dldr.Treams.EJ gegeben. Bei der Bezeichnung "JAVA/" handelt es sich um eine virulentes Java-Applet oder-Anwendung. Ein Erkennungsmuster ist mit Version 7.11.42.36 der Virendefinitionsdatei (VDF) hinzugefügt.

Dateiname         Ergebnis

Yedsa.class         MALWARE
 

Die Datei 'Yedsa.class' wurde als 'MALWARE' eingestuft. Unsere Analytiker haben dieser Bedrohung den Namen EXP/0840.CR gegeben. Bei der Bezeichnung "EXP/" handelt es sich um eine spezielle Erkennung von Sicherheitslücken, welche es einem Angreifer ermöglichen könnte, Zugriff auf das System zu erhalten. Ein Erkennungsmuster ist mit Version 7.11.42.36 der Virendefinitionsdatei (VDF) hinzugefügt.

Beide habe ich inzwischen aus der Quarantäne gelöscht.

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Code:

# AdwCleaner v2.001 - Datei am 09/11/2012 um 22:28:35 erstellt

# Aktualisiert am 09/09/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Dennis - DENNIS-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Dennis\Downloads\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

Datei Gefunden : C:\user.js

Ordner Gefunden : C:\ProgramData\Babylon

Ordner Gefunden : C:\Users\Dennis\AppData\Roaming\Babylon

Ordner Gefunden : C:\Users\Dennis\AppData\Roaming\OpenCandy
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gefunden : HKLM\Software\Babylon

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gefunden : HKU\S-1-5-21-683461252-1616162198-591752608-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Schlüssel Gefunden : HKU\S-1-5-21-683461252-1616162198-591752608-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=hp&babsrc=lnkry_nt

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
 

-\\ Mozilla Firefox v15.0 (de)
 

Profilname : default [Profil par défaut]

Datei : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\tu0p1fla.default\prefs.js
 

Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Gefunden : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Gefunden : user_pref("browser.search.order.1", "Search the web (Babylon)");

Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");

Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958&tt=010712_2");

Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "4c06a13f000000000000002522e431ac");

Gefunden : user_pref("extensions.BabylonToolbar_i.id", "4c06a13f000000000000002522e431ac");

Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15532");

Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);

Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109958&tt=01071[...]

Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:37:12");

Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Gefunden : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&u[...]
 

*************************
 

AdwCleaner[R1].txt - [5233 octets] - [11/09/2012 22:28:35]
 

########## EOF - C:\AdwCleaner[R1].txt - [5293 octets] ##########

Diese BabylonToolbar habe ich schon vor einigen Monaten zu löschen versucht, aber die steht scheinbar noch immer irgendwo drin. Aktiv sichtbar ist die nicht mehr, aber hier taucht sie immer noch auf. Ziemlich penetrant dieses Teil.

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Code:

# AdwCleaner v2.001 - Datei am 09/12/2012 um 08:22:59 erstellt

# Aktualisiert am 09/09/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Dennis - DENNIS-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Dennis\Downloads\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

Datei Gelöscht : C:\user.js

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\Babylon

Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\OpenCandy
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=hp&babsrc=lnkry_nt --> hxxp://www.google.com

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
 

-\\ Mozilla Firefox v15.0 (de)
 

Profilname : default [Profil par défaut]

Datei : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\tu0p1fla.default\prefs.js
 

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\tu0p1fla.default\user.js ... Gelöscht !
 

Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");

Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");

Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958&tt=010712_2");

Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "4c06a13f000000000000002522e431ac");

Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "4c06a13f000000000000002522e431ac");

Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15532");

Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);

Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109958&tt=01071[...]

Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:37:12");

Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&u[...]
 

*************************
 

AdwCleaner[S1].txt - [5803 octets] - [12/09/2012 08:22:59]
 

########## EOF - C:\AdwCleaner[S1].txt - [5863 octets] ##########

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Der normale Windows-Modus funktionierte auch schon vorher uneingeschränkt. Beeinträchtigungen hatte ich zu keiner Zeit. Mir wurden nur die zwei Funde von Avira gemeldet am gestrigen Morgen. Leere Ordner oder Fehlendes kann ich nicht ausmachen. Eigentlich funktioniert alles wie bisher auch.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Code:

OTL logfile created on: 12.09.2012 15:54:35 - Run 2

OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Dennis\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 73,97% Memory free

7,50 Gb Paging File | 6,33 Gb Available in Paging File | 84,39% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,66 Gb Total Space | 427,19 Gb Free Space | 91,74% Space Free | Partition Type: NTFS

Drive E: | 149,05 Gb Total Space | 137,52 Gb Free Space | 92,27% Space Free | Partition Type: NTFS

Drive F: | 37,31 Gb Total Space | 26,59 Gb Free Space | 71,26% Space Free | Partition Type: NTFS

 

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.12 15:52:27 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Downloads\OTL(1).exe

PRC - [2012.09.12 08:24:43 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\Dennis\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001

PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012.08.08 11:44:45 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.07.11 12:21:56 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe

PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2009.07.08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe

PRC - [2009.05.04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe

PRC - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.09.12 08:24:43 | 000,697,884 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~df394b.tmp

MOD - [2012.09.12 08:24:43 | 000,592,896 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~de6248.tmp

MOD - [2009.04.20 11:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.09.07 09:56:18 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.08.23 07:12:33 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.11 12:23:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2012.07.11 12:22:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2012.07.11 12:21:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)

SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.07.13 09:18:50 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)

DRV:64bit: - [2012.07.11 12:20:07 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)

DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2010.06.11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)

DRV:64bit: - [2009.09.17 13:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-683461252-1616162198-591752608-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com

IE - HKU\S-1-5-21-683461252-1616162198-591752608-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\S-1-5-21-683461252-1616162198-591752608-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-683461252-1616162198-591752608-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-683461252-1616162198-591752608-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-683461252-1616162198-591752608-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 3A 1B 85 46 5F CD 01  [binary data]

IE - HKU\S-1-5-21-683461252-1616162198-591752608-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com

IE - HKU\S-1-5-21-683461252-1616162198-591752608-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com

IE - HKU\S-1-5-21-683461252-1616162198-591752608-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-683461252-1616162198-591752608-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-683461252-1616162198-591752608-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"

FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.de"

FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8

FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:3.6.2

FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2

FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10

FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3

FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34

FF - prefs.js..network.proxy.type: 1

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 09:56:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 09:56:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.07.11 12:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions

[2012.08.30 13:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions

[2012.08.30 13:34:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012.07.16 12:15:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.08.04 16:27:06 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\ALone-live@ya.ru

[2012.08.06 11:48:38 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\foxyproxy@eric.h.jung

[2012.07.16 12:17:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\ich@maltegoetz.de

[2012.07.25 08:59:00 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\tu0p1fla.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.07.21 23:40:27 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\tu0p1fla.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

[2012.07.18 07:44:13 | 000,002,474 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\tu0p1fla.default\searchplugins\Web Search.xml

[2012.09.07 09:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.09.07 09:56:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012.09.07 09:56:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2012.09.07 09:56:18 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.29 20:13:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)

O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-683461252-1616162198-591752608-1001..\Run: [ASRockIES]  File not found

O4 - HKU\S-1-5-21-683461252-1616162198-591752608-1001..\Run: [ASRockOCTuner]  File not found

O4 - HKU\S-1-5-21-683461252-1616162198-591752608-1001..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)

O4 - HKU\S-1-5-21-683461252-1616162198-591752608-1001..\Run: [zASRockInstantBoot]  File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.7.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3027210-D3A2-4D43-B8E8-ECF87CBA31D4}: DhcpNameServer = 192.168.178.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)

MsConfig:64bit - StartUpReg: XFastUsb - hkey= - key= - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.11 07:52:16 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes

[2012.09.11 07:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.11 07:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.09.11 07:52:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.09.11 07:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.09.07 09:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.08.31 10:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.08.24 10:58:34 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\30-6-06-31-12-11

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.12 15:40:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.09.12 15:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.09.12 15:00:28 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.09.12 15:00:28 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.09.12 15:00:28 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.09.12 15:00:28 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.09.12 15:00:28 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.09.12 08:31:58 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.09.12 08:31:58 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.09.12 08:24:20 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys

[2012.09.11 09:01:49 | 000,000,000 | ---- | M] () -- C:\Users\Dennis\defogger_reenable

[2012.09.11 07:52:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.09.06 14:06:18 | 000,207,569 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel

[2012.09.05 11:55:20 | 000,010,996 | ---- | M] () -- C:\Users\Dennis\Documents\DieZEITKündigung.odt

[2012.09.03 16:41:51 | 000,000,206 | ---- | M] () -- C:\Users\Dennis\Documents\cc_20120903_164133.reg

[2012.08.26 16:54:49 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.08.22 17:09:40 | 004,147,334 | ---- | M] () -- C:\Users\Dennis\Desktop\30-6-06-31-12-11.rar

[2012.08.16 16:33:58 | 000,001,186 | ---- | M] () -- C:\Users\Dennis\Documents\cc_20120816_163355.reg

[2012.08.15 14:58:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012.08.15 10:24:02 | 000,304,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.08.14 14:12:30 | 000,010,783 | ---- | M] () -- C:\Users\Dennis\Desktop\Anlagespiegel2011.pdf

[2012.08.14 14:11:52 | 000,008,881 | ---- | M] () -- C:\Users\Dennis\Desktop\Anlagespiegel2010.pdf

[2012.08.14 12:48:29 | 000,269,271 | ---- | M] () -- C:\Users\Dennis\Desktop\Abschreibungen.jpg

[2012.08.14 12:33:28 | 000,011,664 | ---- | M] () -- C:\Users\Dennis\Desktop\E-Ü2011Wolter.pdf

[2012.08.14 11:27:09 | 000,006,659 | ---- | M] () -- C:\Users\Dennis\Desktop\BWA2011Wolter.pdf

[2012.08.14 11:23:55 | 000,021,980 | ---- | M] () -- C:\Users\Dennis\Desktop\SummenundSaldenlisteWolter.pdf

[2012.08.14 11:20:49 | 002,609,028 | ---- | M] () -- C:\Users\Dennis\Desktop\KontenausdruckSachkontenWolter.pdf

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.11 09:01:49 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\defogger_reenable

[2012.09.11 07:52:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.06 14:06:18 | 000,207,569 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel

[2012.09.05 11:55:18 | 000,010,996 | ---- | C] () -- C:\Users\Dennis\Documents\DieZEITKündigung.odt

[2012.09.03 16:41:45 | 000,000,206 | ---- | C] () -- C:\Users\Dennis\Documents\cc_20120903_164133.reg

[2012.08.22 17:09:35 | 004,147,334 | ---- | C] () -- C:\Users\Dennis\Desktop\30-6-06-31-12-11.rar

[2012.08.16 16:33:57 | 000,001,186 | ---- | C] () -- C:\Users\Dennis\Documents\cc_20120816_163355.reg

[2012.08.15 14:58:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012.08.14 14:12:30 | 000,010,783 | ---- | C] () -- C:\Users\Dennis\Desktop\Anlagespiegel2011.pdf

[2012.08.14 14:11:51 | 000,008,881 | ---- | C] () -- C:\Users\Dennis\Desktop\Anlagespiegel2010.pdf

[2012.08.14 12:48:28 | 000,269,271 | ---- | C] () -- C:\Users\Dennis\Desktop\Abschreibungen.jpg

[2012.08.14 12:33:27 | 000,011,664 | ---- | C] () -- C:\Users\Dennis\Desktop\E-Ü2011Wolter.pdf

[2012.08.14 11:27:07 | 000,006,659 | ---- | C] () -- C:\Users\Dennis\Desktop\BWA2011Wolter.pdf

[2012.08.14 11:23:53 | 000,021,980 | ---- | C] () -- C:\Users\Dennis\Desktop\SummenundSaldenlisteWolter.pdf

[2012.08.14 11:19:55 | 002,609,028 | ---- | C] () -- C:\Users\Dennis\Desktop\KontenausdruckSachkontenWolter.pdf

[2012.07.12 16:39:33 | 000,012,772 | ---- | C] () -- C:\Users\Dennis\AppData\Local\recently-used.xbel

[2012.07.12 16:33:59 | 000,000,051 | ---- | C] () -- C:\Users\Dennis\.gtk-bookmarks

[2012.07.12 08:36:46 | 000,018,927 | ---- | C] () -- C:\Users\Dennis\Wettergebnisse.ods

[2012.07.11 15:26:12 | 000,339,456 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll

[2012.07.11 12:24:18 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini

[2012.07.11 12:24:18 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini

[2012.07.11 12:24:18 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini

[2012.07.11 12:23:57 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012.07.11 12:23:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011.05.13 10:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll

[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll

[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll

[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll

 
 ========== LOP Check ==========

 

[2012.07.11 15:24:43 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AbeBooks

[2012.09.12 10:18:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BayWotch4

[2012.07.12 08:40:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DeviceVm

[2012.07.16 12:44:24 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoft

[2012.07.16 12:15:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.07.11 17:02:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EPSON

[2012.09.06 18:50:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FileZilla

[2012.09.06 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0

[2012.08.06 11:14:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\JonDo

[2012.07.17 15:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Lexware

[2012.07.11 16:39:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org

[2012.08.26 16:28:32 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.07.11 15:24:43 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AbeBooks

[2012.07.11 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe

[2012.07.11 12:21:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Avira

[2012.09.12 10:18:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BayWotch4

[2012.07.12 08:40:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DeviceVm

[2012.07.16 12:44:24 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoft

[2012.07.16 12:15:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.07.11 17:02:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EPSON

[2012.09.06 18:50:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FileZilla

[2012.09.06 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0

[2012.07.11 11:19:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities

[2012.07.17 15:45:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\InstallShield

[2012.08.06 11:14:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\JonDo

[2012.07.17 15:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Lexware

[2012.07.11 12:20:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia

[2012.09.11 07:52:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes

[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs

[2012.07.18 17:04:04 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft

[2012.07.11 12:05:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla

[2012.07.11 16:39:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

[2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - user.js - File not found

FF - prefs.js..network.proxy.type: 1

O4 - HKU\S-1-5-21-683461252-1616162198-591752608-1001..\Run: [ASRockIES]  File not found

O4 - HKU\S-1-5-21-683461252-1616162198-591752608-1001..\Run: [ASRockOCTuner]  File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:Files

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Avira lässt sich nicht beenden. Auch der Autostarteintrag lässt sich nicht deaktivieren. Avira springt sofort an und meldet einen unerlaubten Zugriff auf die Registry (über CCleaner probiert) und aktiviert den Eintrag umgehend wieder.

Code:

All processes killed

========== OTL ==========

Prefs.js: 1 removed from network.proxy.type

Registry value HKEY_USERS\S-1-5-21-683461252-1616162198-591752608-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockIES deleted successfully.

Registry value HKEY_USERS\S-1-5-21-683461252-1616162198-591752608-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockOCTuner deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

========== FILES ==========
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\Dennis\Downloads\cmd.bat deleted successfully.

C:\Users\Dennis\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Dennis

->Temp folder emptied: 231376 bytes

->Temporary Internet Files folder emptied: 82452 bytes

->Java cache emptied: 159747 bytes

->FireFox cache emptied: 82081847 bytes

->Flash cache emptied: 523 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 1618992 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1824 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 80,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.61.3 log created on 09122012_164150
 

Files\Folders moved on Reboot...

C:\Users\Dennis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Kann ich eigentlich auch Logfiles von Rechnern posten, die augenscheinlich erstmal kein Problem haben, um all den Müll der sich scheinbar mit der Zeit so ansammelt loszuwerden oder liegt der Fokus ausschließlich auf Rechnern die irgendeine Fehlermeldung produzieren oder von Viren etc. befallen sind?

Erstmal soll hier kein Chaos ausbrechen deswegen macht man schön übersichtlich pro PC auch einen Strang auf. Jeder Rechner hat genau einen Strang. Aber wenn es nur um angesammelten Müll angeht, dann mach erstmal das hier, neue Themen gibt es schon wirklich genug => http://www.trojaner-board.de/71631-p...tml#post425616

So nun gehts aber witer mit dem Rechner in diesem Strang

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Die Frage nach anderen Logs anderer Rechner war auch eher generell gemeint. Ich hatte nicht vor hier in diesem Strang weitere Logs zu posten, die mit dem Problem hier nichts zu tun haben.

Code:

21:06:14.0620 1104  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

21:06:14.0948 1104  ============================================================

21:06:14.0948 1104  Current date / time: 2012/09/12 21:06:14.0948

21:06:14.0948 1104  SystemInfo:

21:06:14.0948 1104  

21:06:14.0948 1104  OS Version: 6.1.7601 ServicePack: 1.0

21:06:14.0948 1104  Product type: Workstation

21:06:14.0948 1104  ComputerName: DENNIS-PC

21:06:14.0948 1104  UserName: Dennis

21:06:14.0948 1104  Windows directory: C:\Windows

21:06:14.0948 1104  System windows directory: C:\Windows

21:06:14.0948 1104  Running under WOW64

21:06:14.0948 1104  Processor architecture: Intel x64

21:06:14.0948 1104  Number of processors: 2

21:06:14.0948 1104  Page size: 0x1000

21:06:14.0948 1104  Boot type: Normal boot

21:06:14.0948 1104  ============================================================

21:06:20.0838 1104  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:06:20.0854 1104  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040

21:06:20.0854 1104  Drive \Device\Harddisk3\DR3 - Size: 0x953C94000 (37.31 Gb), SectorSize: 0x200, Cylinders: 0x1306, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

21:06:21.0276 1104  ============================================================

21:06:21.0276 1104  \Device\Harddisk0\DR0:

21:06:21.0276 1104  MBR partitions:

21:06:21.0276 1104  \Device\Harddisk1\DR1:

21:06:21.0276 1104  MBR partitions:

21:06:21.0276 1104  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

21:06:21.0276 1104  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

21:06:21.0276 1104  \Device\Harddisk3\DR3:

21:06:21.0276 1104  MBR partitions:

21:06:21.0291 1104  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x2, BlocksNum 0x4A9DFFE

21:06:21.0291 1104  ============================================================

21:06:21.0307 1104  C: <-> \Device\Harddisk1\DR1\Partition2

21:06:21.0338 1104  F: <-> \Device\Harddisk3\DR3\Partition1

21:06:21.0338 1104  ============================================================

21:06:21.0338 1104  Initialize success

21:06:21.0338 1104  ============================================================

21:07:02.0276 1032  ============================================================

21:07:02.0276 1032  Scan started

21:07:02.0276 1032  Mode: Manual; SigCheck; TDLFS; 

21:07:02.0276 1032  ============================================================

21:07:02.0948 1032  ================ Scan system memory ========================

21:07:02.0948 1032  System memory - ok

21:07:02.0963 1032  ================ Scan services =============================

21:07:03.0104 1032  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

21:07:03.0229 1032  1394ohci - ok

21:07:03.0291 1032  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

21:07:03.0307 1032  ACPI - ok

21:07:03.0338 1032  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

21:07:03.0416 1032  AcpiPmi - ok

21:07:03.0541 1032  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

21:07:03.0557 1032  AdobeARMservice - ok

21:07:03.0651 1032  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

21:07:03.0666 1032  AdobeFlashPlayerUpdateSvc - ok

21:07:03.0698 1032  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys

21:07:03.0713 1032  adp94xx - ok

21:07:03.0729 1032  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys

21:07:03.0745 1032  adpahci - ok

21:07:03.0760 1032  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys

21:07:03.0776 1032  adpu320 - ok

21:07:03.0807 1032  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

21:07:03.0963 1032  AeLookupSvc - ok

21:07:04.0041 1032  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys

21:07:04.0104 1032  AFD - ok

21:07:04.0135 1032  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys

21:07:04.0135 1032  agp440 - ok

21:07:04.0151 1032  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe

21:07:04.0229 1032  ALG - ok

21:07:04.0245 1032  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys

21:07:04.0276 1032  aliide - ok

21:07:04.0323 1032  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys

21:07:04.0338 1032  amdide - ok

21:07:04.0354 1032  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys

21:07:04.0416 1032  AmdK8 - ok

21:07:04.0463 1032  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys

21:07:04.0526 1032  AmdPPM - ok

21:07:04.0573 1032  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys

21:07:04.0604 1032  amdsata - ok

21:07:04.0635 1032  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys

21:07:04.0651 1032  amdsbs - ok

21:07:04.0666 1032  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

21:07:04.0682 1032  amdxata - ok

21:07:04.0729 1032  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

21:07:04.0745 1032  AntiVirSchedulerService - ok

21:07:04.0745 1032  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

21:07:04.0760 1032  AntiVirService - ok

21:07:04.0791 1032  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys

21:07:04.0838 1032  AppID - ok

21:07:04.0870 1032  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

21:07:04.0932 1032  AppIDSvc - ok

21:07:04.0979 1032  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll

21:07:05.0010 1032  Appinfo - ok

21:07:05.0026 1032  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys

21:07:05.0041 1032  arc - ok

21:07:05.0057 1032  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys

21:07:05.0073 1032  arcsas - ok

21:07:05.0120 1032  [ 912A215CE180A6E7C923C662D7EC777D ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys

21:07:05.0416 1032  AsrAppCharger - ok

21:07:05.0432 1032  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

21:07:05.0463 1032  AsyncMac - ok

21:07:05.0495 1032  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys

21:07:05.0495 1032  atapi - ok

21:07:05.0588 1032  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

21:07:05.0682 1032  AudioEndpointBuilder - ok

21:07:05.0698 1032  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll

21:07:05.0729 1032  AudioSrv - ok

21:07:05.0760 1032  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys

21:07:05.0760 1032  avgntflt - ok

21:07:05.0791 1032  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys

21:07:05.0807 1032  avipbb - ok

21:07:05.0807 1032  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys

21:07:05.0823 1032  avkmgr - ok

21:07:05.0870 1032  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll

21:07:06.0010 1032  AxInstSV - ok

21:07:06.0088 1032  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys

21:07:06.0166 1032  b06bdrv - ok

21:07:06.0213 1032  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys

21:07:06.0307 1032  b57nd60a - ok

21:07:06.0370 1032  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll

21:07:06.0416 1032  BDESVC - ok

21:07:06.0448 1032  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys

21:07:06.0495 1032  Beep - ok

21:07:06.0588 1032  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll

21:07:06.0651 1032  BFE - ok

21:07:06.0698 1032  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll

21:07:06.0745 1032  BITS - ok

21:07:06.0791 1032  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

21:07:06.0807 1032  blbdrive - ok

21:07:06.0838 1032  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

21:07:06.0854 1032  bowser - ok

21:07:06.0870 1032  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys

21:07:06.0916 1032  BrFiltLo - ok

21:07:06.0932 1032  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys

21:07:06.0932 1032  BrFiltUp - ok

21:07:06.0995 1032  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll

21:07:07.0010 1032  Browser - ok

21:07:07.0041 1032  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

21:07:07.0073 1032  Brserid - ok

21:07:07.0088 1032  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

21:07:07.0104 1032  BrSerWdm - ok

21:07:07.0104 1032  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

21:07:07.0151 1032  BrUsbMdm - ok

21:07:07.0151 1032  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

21:07:07.0166 1032  BrUsbSer - ok

21:07:07.0166 1032  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

21:07:07.0198 1032  BTHMODEM - ok

21:07:07.0245 1032  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll

21:07:07.0276 1032  bthserv - ok

21:07:07.0307 1032  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

21:07:07.0338 1032  cdfs - ok

21:07:07.0385 1032  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys

21:07:07.0432 1032  cdrom - ok

21:07:07.0510 1032  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll

21:07:07.0573 1032  CertPropSvc - ok

21:07:07.0588 1032  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

21:07:07.0635 1032  circlass - ok

21:07:07.0666 1032  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys

21:07:07.0682 1032  CLFS - ok

21:07:07.0745 1032  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:07:07.0776 1032  clr_optimization_v2.0.50727_32 - ok

21:07:07.0807 1032  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

21:07:07.0823 1032  clr_optimization_v2.0.50727_64 - ok

21:07:07.0901 1032  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:07:07.0916 1032  clr_optimization_v4.0.30319_32 - ok

21:07:07.0948 1032  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

21:07:07.0963 1032  clr_optimization_v4.0.30319_64 - ok

21:07:07.0995 1032  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

21:07:08.0026 1032  CmBatt - ok

21:07:08.0073 1032  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys

21:07:08.0104 1032  cmdide - ok

21:07:08.0151 1032  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys

21:07:08.0182 1032  CNG - ok

21:07:08.0213 1032  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

21:07:08.0213 1032  Compbatt - ok

21:07:08.0245 1032  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

21:07:08.0291 1032  CompositeBus - ok

21:07:08.0354 1032  COMSysApp - ok

21:07:08.0370 1032  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys

21:07:08.0385 1032  crcdisk - ok

21:07:08.0416 1032  [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

21:07:08.0432 1032  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning

21:07:08.0432 1032  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)

21:07:08.0479 1032  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

21:07:08.0541 1032  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning

21:07:08.0541 1032  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)

21:07:08.0620 1032  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll

21:07:08.0666 1032  CryptSvc - ok

21:07:08.0729 1032  [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

21:07:08.0745 1032  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning

21:07:08.0745 1032  CTAudSvcService - detected UnsignedFile.Multi.Generic (1)

21:07:08.0823 1032  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll

21:07:08.0885 1032  DcomLaunch - ok

21:07:08.0901 1032  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll

21:07:08.0948 1032  defragsvc - ok

21:07:08.0979 1032  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

21:07:09.0010 1032  DfsC - ok

21:07:09.0088 1032  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll

21:07:09.0166 1032  Dhcp - ok

21:07:09.0198 1032  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys

21:07:09.0245 1032  discache - ok

21:07:09.0276 1032  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys

21:07:09.0276 1032  Disk - ok

21:07:09.0307 1032  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

21:07:09.0323 1032  Dnscache - ok

21:07:09.0370 1032  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll

21:07:09.0432 1032  dot3svc - ok

21:07:09.0463 1032  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll

21:07:09.0495 1032  DPS - ok

21:07:09.0526 1032  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

21:07:09.0526 1032  drmkaud - ok

21:07:09.0573 1032  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

21:07:09.0604 1032  DXGKrnl - ok

21:07:09.0620 1032  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll

21:07:09.0666 1032  EapHost - ok

21:07:09.0745 1032  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys

21:07:09.0870 1032  ebdrv - ok

21:07:09.0901 1032  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe

21:07:09.0932 1032  EFS - ok

21:07:10.0010 1032  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

21:07:10.0073 1032  ehRecvr - ok

21:07:10.0120 1032  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe

21:07:10.0151 1032  ehSched - ok

21:07:10.0182 1032  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys

21:07:10.0213 1032  elxstor - ok

21:07:10.0229 1032  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys

21:07:10.0260 1032  ErrDev - ok

21:07:10.0323 1032  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll

21:07:10.0385 1032  EventSystem - ok

21:07:10.0401 1032  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys

21:07:10.0463 1032  exfat - ok

21:07:10.0495 1032  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys

21:07:10.0541 1032  fastfat - ok

21:07:10.0666 1032  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe

21:07:10.0729 1032  Fax - ok

21:07:10.0760 1032  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

21:07:10.0791 1032  fdc - ok

21:07:10.0807 1032  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll

21:07:10.0870 1032  fdPHost - ok

21:07:10.0901 1032  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll

21:07:10.0948 1032  FDResPub - ok

21:07:10.0963 1032  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

21:07:10.0979 1032  FileInfo - ok

21:07:10.0995 1032  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

21:07:11.0026 1032  Filetrace - ok

21:07:11.0041 1032  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

21:07:11.0041 1032  flpydisk - ok

21:07:11.0073 1032  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

21:07:11.0088 1032  FltMgr - ok

21:07:11.0135 1032  [ FE95AE537B41A7E2F4CFE353064DC4AF ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS

21:07:11.0151 1032  FNETTBOH_305 - ok

21:07:11.0182 1032  [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS

21:07:11.0182 1032  FNETURPX - ok

21:07:11.0229 1032  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll

21:07:11.0276 1032  FontCache - ok

21:07:11.0323 1032  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:07:11.0354 1032  FontCache3.0.0.0 - ok

21:07:11.0370 1032  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

21:07:11.0370 1032  FsDepends - ok

21:07:11.0401 1032  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

21:07:11.0416 1032  Fs_Rec - ok

21:07:11.0448 1032  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

21:07:11.0463 1032  fvevol - ok

21:07:11.0479 1032  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys

21:07:11.0495 1032  gagp30kx - ok

21:07:11.0541 1032  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll

21:07:11.0588 1032  gpsvc - ok

21:07:11.0604 1032  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

21:07:11.0651 1032  hcw85cir - ok

21:07:11.0698 1032  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

21:07:11.0745 1032  HdAudAddService - ok

21:07:11.0791 1032  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

21:07:11.0823 1032  HDAudBus - ok

21:07:11.0823 1032  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys

21:07:11.0854 1032  HidBatt - ok

21:07:11.0870 1032  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys

21:07:11.0901 1032  HidBth - ok

21:07:11.0901 1032  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

21:07:11.0948 1032  HidIr - ok

21:07:11.0979 1032  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll

21:07:12.0041 1032  hidserv - ok

21:07:12.0057 1032  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys

21:07:12.0073 1032  HidUsb - ok

21:07:12.0104 1032  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll

21:07:12.0166 1032  hkmsvc - ok

21:07:12.0198 1032  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

21:07:12.0260 1032  HomeGroupListener - ok

21:07:12.0291 1032  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

21:07:12.0307 1032  HomeGroupProvider - ok

21:07:12.0338 1032  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

21:07:12.0354 1032  HpSAMD - ok

21:07:12.0416 1032  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

21:07:12.0479 1032  HTTP - ok

21:07:12.0526 1032  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

21:07:12.0526 1032  hwpolicy - ok

21:07:12.0557 1032  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

21:07:12.0557 1032  i8042prt - ok

21:07:12.0604 1032  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

21:07:12.0604 1032  iaStorV - ok

21:07:12.0651 1032  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:07:12.0666 1032  idsvc - ok

21:07:12.0698 1032  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys

21:07:12.0713 1032  iirsp - ok

21:07:12.0729 1032  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll

21:07:12.0776 1032  IKEEXT - ok

21:07:12.0807 1032  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys

21:07:12.0807 1032  intelide - ok

21:07:12.0838 1032  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

21:07:12.0854 1032  intelppm - ok

21:07:12.0885 1032  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

21:07:12.0932 1032  IPBusEnum - ok

21:07:12.0948 1032  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:07:12.0995 1032  IpFilterDriver - ok

21:07:13.0026 1032  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

21:07:13.0073 1032  iphlpsvc - ok

21:07:13.0120 1032  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

21:07:13.0135 1032  IPMIDRV - ok

21:07:13.0135 1032  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

21:07:13.0166 1032  IPNAT - ok

21:07:13.0198 1032  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys

21:07:13.0245 1032  IRENUM - ok

21:07:13.0260 1032  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

21:07:13.0260 1032  isapnp - ok

21:07:13.0291 1032  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

21:07:13.0307 1032  iScsiPrt - ok

21:07:13.0338 1032  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys

21:07:13.0354 1032  kbdclass - ok

21:07:13.0401 1032  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys

21:07:13.0416 1032  kbdhid - ok

21:07:13.0448 1032  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe

21:07:13.0448 1032  KeyIso - ok

21:07:13.0479 1032  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

21:07:13.0495 1032  KSecDD - ok

21:07:13.0510 1032  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

21:07:13.0526 1032  KSecPkg - ok

21:07:13.0541 1032  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys

21:07:13.0573 1032  ksthunk - ok

21:07:13.0604 1032  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll

21:07:13.0651 1032  KtmRm - ok

21:07:13.0713 1032  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll

21:07:13.0745 1032  LanmanServer - ok

21:07:13.0791 1032  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

21:07:13.0854 1032  LanmanWorkstation - ok

21:07:13.0885 1032  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

21:07:13.0932 1032  lltdio - ok

21:07:13.0948 1032  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll

21:07:13.0995 1032  lltdsvc - ok

21:07:14.0026 1032  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll

21:07:14.0057 1032  lmhosts - ok

21:07:14.0073 1032  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

21:07:14.0088 1032  LSI_FC - ok

21:07:14.0104 1032  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

21:07:14.0120 1032  LSI_SAS - ok

21:07:14.0120 1032  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

21:07:14.0135 1032  LSI_SAS2 - ok

21:07:14.0151 1032  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

21:07:14.0151 1032  LSI_SCSI - ok

21:07:14.0166 1032  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys

21:07:14.0213 1032  luafv - ok

21:07:14.0276 1032  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

21:07:14.0276 1032  MBAMProtector - ok

21:07:14.0338 1032  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

21:07:14.0370 1032  MBAMScheduler - ok

21:07:14.0401 1032  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

21:07:14.0416 1032  MBAMService - ok

21:07:14.0463 1032  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

21:07:14.0495 1032  Mcx2Svc - ok

21:07:14.0510 1032  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

21:07:14.0510 1032  megasas - ok

21:07:14.0541 1032  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

21:07:14.0557 1032  MegaSR - ok

21:07:14.0588 1032  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll

21:07:14.0635 1032  MMCSS - ok

21:07:14.0666 1032  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys

21:07:14.0698 1032  Modem - ok

21:07:14.0713 1032  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

21:07:14.0745 1032  monitor - ok

21:07:14.0776 1032  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys

21:07:14.0776 1032  mouclass - ok

21:07:14.0791 1032  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

21:07:14.0807 1032  mouhid - ok

21:07:14.0838 1032  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

21:07:14.0854 1032  mountmgr - ok

21:07:14.0916 1032  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

21:07:14.0948 1032  MozillaMaintenance - ok

21:07:14.0979 1032  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys

21:07:14.0979 1032  mpio - ok

21:07:15.0010 1032  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

21:07:15.0041 1032  mpsdrv - ok

21:07:15.0073 1032  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll

21:07:15.0120 1032  MpsSvc - ok

21:07:15.0151 1032  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

21:07:15.0182 1032  MRxDAV - ok

21:07:15.0213 1032  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

21:07:15.0260 1032  mrxsmb - ok

21:07:15.0291 1032  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:07:15.0307 1032  mrxsmb10 - ok

21:07:15.0338 1032  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:07:15.0370 1032  mrxsmb20 - ok

21:07:15.0401 1032  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys

21:07:15.0416 1032  msahci - ok

21:07:15.0448 1032  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

21:07:15.0463 1032  msdsm - ok

21:07:15.0479 1032  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe

21:07:15.0495 1032  MSDTC - ok

21:07:15.0541 1032  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys

21:07:15.0573 1032  Msfs - ok

21:07:15.0588 1032  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

21:07:15.0620 1032  mshidkmdf - ok

21:07:15.0651 1032  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

21:07:15.0651 1032  msisadrv - ok

21:07:15.0729 1032  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

21:07:15.0823 1032  MSiSCSI - ok

21:07:15.0823 1032  msiserver - ok

21:07:15.0838 1032  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

21:07:15.0885 1032  MSKSSRV - ok

21:07:15.0916 1032  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

21:07:15.0979 1032  MSPCLOCK - ok

21:07:16.0010 1032  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

21:07:16.0073 1032  MSPQM - ok

21:07:16.0104 1032  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

21:07:16.0120 1032  MsRPC - ok

21:07:16.0135 1032  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

21:07:16.0151 1032  mssmbios - ok

21:07:16.0151 1032  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

21:07:16.0182 1032  MSTEE - ok

21:07:16.0213 1032  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

21:07:16.0213 1032  MTConfig - ok

21:07:16.0245 1032  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys

21:07:16.0260 1032  Mup - ok

21:07:16.0291 1032  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll

21:07:16.0338 1032  napagent - ok

21:07:16.0354 1032  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

21:07:16.0370 1032  NativeWifiP - ok

21:07:16.0401 1032  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys

21:07:16.0432 1032  NDIS - ok

21:07:16.0448 1032  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

21:07:16.0479 1032  NdisCap - ok

21:07:16.0510 1032  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

21:07:16.0541 1032  NdisTapi - ok

21:07:16.0573 1032  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

21:07:16.0588 1032  Ndisuio - ok

21:07:16.0620 1032  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

21:07:16.0698 1032  NdisWan - ok

21:07:16.0713 1032  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

21:07:16.0760 1032  NDProxy - ok

21:07:16.0760 1032  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

21:07:16.0807 1032  NetBIOS - ok

21:07:16.0838 1032  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

21:07:16.0901 1032  NetBT - ok

21:07:16.0916 1032  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe

21:07:16.0932 1032  Netlogon - ok

21:07:16.0963 1032  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll

21:07:17.0010 1032  Netman - ok

21:07:17.0026 1032  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll

21:07:17.0073 1032  netprofm - ok

21:07:17.0088 1032  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:07:17.0104 1032  NetTcpPortSharing - ok

21:07:17.0120 1032  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

21:07:17.0120 1032  nfrd960 - ok

21:07:17.0166 1032  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll

21:07:17.0213 1032  NlaSvc - ok

21:07:17.0229 1032  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

21:07:17.0260 1032  Npfs - ok

21:07:17.0276 1032  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll

21:07:17.0307 1032  nsi - ok

21:07:17.0323 1032  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

21:07:17.0354 1032  nsiproxy - ok

21:07:17.0432 1032  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

21:07:17.0479 1032  Ntfs - ok

21:07:17.0495 1032  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys

21:07:17.0526 1032  Null - ok

21:07:17.0557 1032  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys

21:07:17.0573 1032  NVENETFD - ok

21:07:17.0854 1032  [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:07:18.0198 1032  nvlddmkm - ok

21:07:18.0260 1032  [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys

21:07:18.0291 1032  NVNET - ok

21:07:18.0307 1032  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys

21:07:18.0323 1032  nvraid - ok

21:07:18.0338 1032  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys

21:07:18.0354 1032  nvstor - ok

21:07:18.0385 1032  [ 662A129CEBB4C0B01F95612A7F6DCC9A ] nvstor64        C:\Windows\system32\DRIVERS\nvstor64.sys

21:07:18.0401 1032  nvstor64 - ok

21:07:18.0432 1032  [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc           C:\Windows\system32\nvvsvc.exe

21:07:18.0448 1032  nvsvc - ok

21:07:18.0495 1032  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

21:07:18.0510 1032  nv_agp - ok

21:07:18.0541 1032  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

21:07:18.0573 1032  ohci1394 - ok

21:07:18.0604 1032  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

21:07:18.0635 1032  p2pimsvc - ok

21:07:18.0698 1032  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll

21:07:18.0713 1032  p2psvc - ok

21:07:18.0760 1032  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys

21:07:18.0776 1032  Parport - ok

21:07:18.0791 1032  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys

21:07:18.0807 1032  partmgr - ok

21:07:18.0823 1032  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll

21:07:18.0838 1032  PcaSvc - ok

21:07:18.0854 1032  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys

21:07:18.0870 1032  pci - ok

21:07:18.0885 1032  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys

21:07:18.0901 1032  pciide - ok

21:07:18.0916 1032  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

21:07:18.0916 1032  pcmcia - ok

21:07:18.0932 1032  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys

21:07:18.0948 1032  pcw - ok

21:07:18.0979 1032  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

21:07:19.0010 1032  PEAUTH - ok

21:07:19.0104 1032  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe

21:07:19.0135 1032  PerfHost - ok

21:07:19.0213 1032  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll

21:07:19.0291 1032  pla - ok

21:07:19.0338 1032  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

21:07:19.0354 1032  PlugPlay - ok

21:07:19.0385 1032  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

21:07:19.0416 1032  PNRPAutoReg - ok

21:07:19.0448 1032  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

21:07:19.0463 1032  PNRPsvc - ok

21:07:19.0479 1032  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

21:07:19.0541 1032  PolicyAgent - ok

21:07:19.0573 1032  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll

21:07:19.0604 1032  Power - ok

21:07:19.0635 1032  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

21:07:19.0682 1032  PptpMiniport - ok

21:07:19.0698 1032  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys

21:07:19.0713 1032  Processor - ok

21:07:19.0745 1032  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll

21:07:19.0776 1032  ProfSvc - ok

21:07:19.0807 1032  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

21:07:19.0823 1032  ProtectedStorage - ok

21:07:19.0854 1032  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

21:07:19.0916 1032  Psched - ok

21:07:19.0963 1032  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

21:07:20.0026 1032  ql2300 - ok

21:07:20.0041 1032  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

21:07:20.0057 1032  ql40xx - ok

21:07:20.0088 1032  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll

21:07:20.0104 1032  QWAVE - ok

21:07:20.0120 1032  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

21:07:20.0151 1032  QWAVEdrv - ok

21:07:20.0182 1032  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

21:07:20.0213 1032  RasAcd - ok

21:07:20.0245 1032  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

21:07:20.0276 1032  RasAgileVpn - ok

21:07:20.0291 1032  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll

21:07:20.0338 1032  RasAuto - ok

21:07:20.0370 1032  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

21:07:20.0416 1032  Rasl2tp - ok

21:07:20.0448 1032  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll

21:07:20.0495 1032  RasMan - ok

21:07:20.0526 1032  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

21:07:20.0557 1032  RasPppoe - ok

21:07:20.0573 1032  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

21:07:20.0604 1032  RasSstp - ok

21:07:20.0620 1032  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

21:07:20.0682 1032  rdbss - ok

21:07:20.0698 1032  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

21:07:20.0698 1032  rdpbus - ok

21:07:20.0713 1032  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

21:07:20.0745 1032  RDPCDD - ok

21:07:20.0776 1032  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

21:07:20.0807 1032  RDPENCDD - ok

21:07:20.0823 1032  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

21:07:20.0854 1032  RDPREFMP - ok

21:07:20.0885 1032  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

21:07:20.0916 1032  RDPWD - ok

21:07:20.0948 1032  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

21:07:20.0963 1032  rdyboost - ok

21:07:20.0995 1032  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll

21:07:21.0026 1032  RemoteAccess - ok

21:07:21.0041 1032  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

21:07:21.0073 1032  RemoteRegistry - ok

21:07:21.0088 1032  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

21:07:21.0120 1032  RpcEptMapper - ok

21:07:21.0151 1032  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe

21:07:21.0166 1032  RpcLocator - ok

21:07:21.0182 1032  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll

21:07:21.0213 1032  RpcSs - ok

21:07:21.0229 1032  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

21:07:21.0260 1032  rspndr - ok

21:07:21.0276 1032  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe

21:07:21.0291 1032  SamSs - ok

21:07:21.0323 1032  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

21:07:21.0323 1032  sbp2port - ok

21:07:21.0338 1032  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll

21:07:21.0370 1032  SCardSvr - ok

21:07:21.0401 1032  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

21:07:21.0432 1032  scfilter - ok

21:07:21.0479 1032  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll

21:07:21.0526 1032  Schedule - ok

21:07:21.0573 1032  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll

21:07:21.0635 1032  SCPolicySvc - ok

21:07:21.0666 1032  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

21:07:21.0698 1032  SDRSVC - ok

21:07:21.0729 1032  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

21:07:21.0760 1032  secdrv - ok

21:07:21.0791 1032  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll

21:07:21.0823 1032  seclogon - ok

21:07:21.0838 1032  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll

21:07:21.0885 1032  SENS - ok

21:07:21.0885 1032  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll

21:07:21.0916 1032  SensrSvc - ok

21:07:21.0932 1032  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

21:07:21.0948 1032  Serenum - ok

21:07:21.0979 1032  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys

21:07:22.0010 1032  Serial - ok

21:07:22.0041 1032  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys

21:07:22.0057 1032  sermouse - ok

21:07:22.0104 1032  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll

21:07:22.0135 1032  SessionEnv - ok

21:07:22.0182 1032  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

21:07:22.0213 1032  sffdisk - ok

21:07:22.0245 1032  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

21:07:22.0260 1032  sffp_mmc - ok

21:07:22.0276 1032  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

21:07:22.0307 1032  sffp_sd - ok

21:07:22.0307 1032  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

21:07:22.0323 1032  sfloppy - ok

21:07:22.0354 1032  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll

21:07:22.0401 1032  SharedAccess - ok

21:07:22.0432 1032  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

21:07:22.0510 1032  ShellHWDetection - ok

21:07:22.0558 1032  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys

21:07:22.0558 1032  SiSRaid2 - ok

21:07:22.0574 1032  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys

21:07:22.0589 1032  SiSRaid4 - ok

21:07:22.0605 1032  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys

21:07:22.0636 1032  Smb - ok

21:07:22.0683 1032  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

21:07:22.0699 1032  SNMPTRAP - ok

21:07:22.0746 1032  [ FFC5F7ED77AA59AA0A6B70F3D7A22A93 ] Sound Blaster X-Fi MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe

21:07:22.0746 1032  Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - warning

21:07:22.0746 1032  Sound Blaster X-Fi MB Licensing Service - detected UnsignedFile.Multi.Generic (1)

21:07:22.0761 1032  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys

21:07:22.0777 1032  spldr - ok

21:07:22.0808 1032  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe

21:07:22.0855 1032  Spooler - ok

21:07:22.0949 1032  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe

21:07:23.0058 1032  sppsvc - ok

21:07:23.0074 1032  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

21:07:23.0121 1032  sppuinotify - ok

21:07:23.0136 1032  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys

21:07:23.0183 1032  srv - ok

21:07:23.0199 1032  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

21:07:23.0214 1032  srv2 - ok

21:07:23.0230 1032  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

21:07:23.0246 1032  srvnet - ok

21:07:23.0277 1032  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

21:07:23.0308 1032  SSDPSRV - ok

21:07:23.0324 1032  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll

21:07:23.0355 1032  SstpSvc - ok

21:07:23.0386 1032  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys

21:07:23.0402 1032  stexstor - ok

21:07:23.0433 1032  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll

21:07:23.0464 1032  stisvc - ok

21:07:23.0496 1032  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys

21:07:23.0511 1032  swenum - ok

21:07:23.0527 1032  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll

21:07:23.0558 1032  swprv - ok

21:07:23.0652 1032  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll

21:07:23.0746 1032  SysMain - ok

21:07:23.0777 1032  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

21:07:23.0824 1032  TabletInputService - ok

21:07:23.0855 1032  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll

21:07:23.0902 1032  TapiSrv - ok

21:07:23.0917 1032  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll

21:07:23.0949 1032  TBS - ok

21:07:24.0058 1032  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

21:07:24.0105 1032  Tcpip - ok

21:07:24.0152 1032  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

21:07:24.0183 1032  TCPIP6 - ok

21:07:24.0230 1032  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

21:07:24.0246 1032  tcpipreg - ok

21:07:24.0292 1032  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

21:07:24.0308 1032  TDPIPE - ok

21:07:24.0324 1032  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

21:07:24.0355 1032  TDTCP - ok

21:07:24.0402 1032  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

21:07:24.0433 1032  tdx - ok

21:07:24.0464 1032  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys

21:07:24.0464 1032  TermDD - ok

21:07:24.0496 1032  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll

21:07:24.0542 1032  TermService - ok

21:07:24.0574 1032  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll

21:07:24.0589 1032  Themes - ok

21:07:24.0621 1032  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll

21:07:24.0636 1032  THREADORDER - ok

21:07:24.0667 1032  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll

21:07:24.0699 1032  TrkWks - ok

21:07:24.0746 1032  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

21:07:24.0824 1032  TrustedInstaller - ok

21:07:24.0855 1032  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

21:07:24.0886 1032  tssecsrv - ok

21:07:24.0949 1032  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

21:07:24.0996 1032  TsUsbFlt - ok

21:07:25.0042 1032  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

21:07:25.0105 1032  tunnel - ok

21:07:25.0121 1032  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys

21:07:25.0121 1032  uagp35 - ok

21:07:25.0136 1032  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

21:07:25.0183 1032  udfs - ok

21:07:25.0214 1032  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

21:07:25.0230 1032  UI0Detect - ok

21:07:25.0246 1032  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

21:07:25.0261 1032  uliagpkx - ok

21:07:25.0277 1032  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys

21:07:25.0308 1032  umbus - ok

21:07:25.0324 1032  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys

21:07:25.0324 1032  UmPass - ok

21:07:25.0339 1032  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll

21:07:25.0371 1032  upnphost - ok

21:07:25.0402 1032  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

21:07:25.0464 1032  usbccgp - ok

21:07:25.0496 1032  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

21:07:25.0527 1032  usbcir - ok

21:07:25.0558 1032  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

21:07:25.0574 1032  usbehci - ok

21:07:25.0589 1032  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

21:07:25.0621 1032  usbhub - ok

21:07:25.0636 1032  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys

21:07:25.0667 1032  usbohci - ok

21:07:25.0683 1032  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

21:07:25.0714 1032  usbprint - ok

21:07:25.0746 1032  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys

21:07:25.0761 1032  usbscan - ok

21:07:25.0761 1032  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:07:25.0777 1032  USBSTOR - ok

21:07:25.0808 1032  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys

21:07:25.0808 1032  usbuhci - ok

21:07:25.0824 1032  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll

21:07:25.0949 1032  UxSms - ok

21:07:26.0011 1032  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe

21:07:26.0027 1032  VaultSvc - ok

21:07:26.0042 1032  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

21:07:26.0058 1032  vdrvroot - ok

21:07:26.0105 1032  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe

21:07:26.0167 1032  vds - ok

21:07:26.0183 1032  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

21:07:26.0199 1032  vga - ok

21:07:26.0230 1032  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys

21:07:26.0261 1032  VgaSave - ok

21:07:26.0292 1032  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

21:07:26.0308 1032  vhdmp - ok

21:07:26.0355 1032  [ 906A7C6B6659A650648CF21998270945 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys

21:07:26.0433 1032  VIAHdAudAddService - ok

21:07:26.0464 1032  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys

21:07:26.0480 1032  viaide - ok

21:07:26.0511 1032  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

21:07:26.0527 1032  volmgr - ok

21:07:26.0589 1032  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

21:07:26.0621 1032  volmgrx - ok

21:07:26.0636 1032  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

21:07:26.0667 1032  volsnap - ok

21:07:26.0683 1032  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys

21:07:26.0699 1032  vsmraid - ok

21:07:26.0746 1032  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe

21:07:26.0808 1032  VSS - ok

21:07:26.0824 1032  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys

21:07:26.0839 1032  vwifibus - ok

21:07:26.0886 1032  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll

21:07:26.0933 1032  W32Time - ok

21:07:26.0949 1032  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys

21:07:26.0980 1032  WacomPen - ok

21:07:26.0996 1032  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

21:07:27.0042 1032  WANARP - ok

21:07:27.0058 1032  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

21:07:27.0089 1032  Wanarpv6 - ok

21:07:27.0136 1032  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe

21:07:27.0183 1032  wbengine - ok

21:07:27.0199 1032  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

21:07:27.0214 1032  WbioSrvc - ok

21:07:27.0261 1032  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll

21:07:27.0277 1032  wcncsvc - ok

21:07:27.0292 1032  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

21:07:27.0308 1032  WcsPlugInService - ok

21:07:27.0308 1032  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys

21:07:27.0324 1032  Wd - ok

21:07:27.0355 1032  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

21:07:27.0371 1032  Wdf01000 - ok

21:07:27.0386 1032  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll

21:07:27.0433 1032  WdiServiceHost - ok

21:07:27.0433 1032  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll

21:07:27.0449 1032  WdiSystemHost - ok

21:07:27.0480 1032  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll

21:07:27.0511 1032  WebClient - ok

21:07:27.0527 1032  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll

21:07:27.0558 1032  Wecsvc - ok

21:07:27.0574 1032  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll

21:07:27.0621 1032  wercplsupport - ok

21:07:27.0636 1032  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll

21:07:27.0667 1032  WerSvc - ok

21:07:27.0683 1032  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

21:07:27.0714 1032  WfpLwf - ok

21:07:27.0730 1032  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

21:07:27.0746 1032  WIMMount - ok

21:07:27.0746 1032  WinDefend - ok

21:07:27.0761 1032  WinHttpAutoProxySvc - ok

21:07:27.0808 1032  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

21:07:27.0902 1032  Winmgmt - ok

21:07:27.0949 1032  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll

21:07:28.0027 1032  WinRM - ok

21:07:28.0074 1032  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys

21:07:28.0089 1032  WinUsb - ok

21:07:28.0136 1032  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll

21:07:28.0230 1032  Wlansvc - ok

21:07:28.0277 1032  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

21:07:28.0308 1032  WmiAcpi - ok

21:07:28.0339 1032  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

21:07:28.0371 1032  wmiApSrv - ok

21:07:28.0402 1032  WMPNetworkSvc - ok

21:07:28.0417 1032  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll

21:07:28.0449 1032  WPCSvc - ok

21:07:28.0480 1032  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

21:07:28.0496 1032  WPDBusEnum - ok

21:07:28.0511 1032  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

21:07:28.0558 1032  ws2ifsl - ok

21:07:28.0574 1032  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll

21:07:28.0605 1032  wscsvc - ok

21:07:28.0605 1032  WSearch - ok

21:07:28.0683 1032  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll

21:07:28.0808 1032  wuauserv - ok

21:07:28.0839 1032  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

21:07:28.0902 1032  WudfPf - ok

21:07:28.0917 1032  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

21:07:28.0964 1032  WUDFRd - ok

21:07:28.0996 1032  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

21:07:29.0011 1032  wudfsvc - ok

21:07:29.0042 1032  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll

21:07:29.0074 1032  WwanSvc - ok

21:07:29.0074 1032  ================ Scan global ===============================

21:07:29.0105 1032  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

21:07:29.0136 1032  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

21:07:29.0152 1032  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

21:07:29.0183 1032  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

21:07:29.0214 1032  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

21:07:29.0214 1032  [Global] - ok

21:07:29.0214 1032  ================ Scan MBR ==================================

21:07:29.0214 1032  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0

21:07:29.0324 1032  \Device\Harddisk0\DR0 - ok

21:07:29.0355 1032  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

21:07:29.0667 1032  \Device\Harddisk1\DR1 - ok

21:07:30.0074 1032  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3

21:07:30.0324 1032  \Device\Harddisk3\DR3 - ok

21:07:30.0324 1032  ================ Scan VBR ==================================

21:07:30.0324 1032  [ FF42F8E8710E2BB603F23FCE91D3F685 ] \Device\Harddisk1\DR1\Partition1

21:07:30.0324 1032  \Device\Harddisk1\DR1\Partition1 - ok

21:07:30.0339 1032  [ 768D76892728158091488AC6BC75E81F ] \Device\Harddisk1\DR1\Partition2

21:07:30.0355 1032  \Device\Harddisk1\DR1\Partition2 - ok

21:07:30.0355 1032  [ 23110E5DB0D6D2413C04B715D79E5266 ] \Device\Harddisk3\DR3\Partition1

21:07:30.0355 1032  \Device\Harddisk3\DR3\Partition1 - ok

21:07:30.0355 1032  ============================================================

21:07:30.0355 1032  Scan finished

21:07:30.0355 1032  ============================================================

21:07:30.0371 2316  Detected object count: 4

21:07:30.0371 2316  Actual detected object count: 4

21:08:17.0277 2316  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:08:17.0277 2316  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:08:17.0277 2316  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:08:17.0277 2316  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:08:17.0277 2316  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user

21:08:17.0277 2316  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:08:17.0277 2316  Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:08:17.0277 2316  Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

Zitat:

Die Frage nach anderen Logs anderer Rechner war auch eher generell gemeint. Ich hatte nicht vor hier in diesem Strang weitere Logs zu posten, die mit dem Problem hier nichts zu tun haben.

Naja ich hab das gepostet weil viele andere TOs auf die Idee kommen "hey ist ja mein Strang also pack ich da mal alles rein - alle Logs von allen Rechnern" http://cosgan.de/images/smilie/konfus/a080.gif

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-09-12.03 - Dennis 13.09.2012  14:35:49.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3839.2723 [GMT 2:00]

ausgeführt von:: c:\users\Dennis\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\ntuser.dat

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-08-13 bis 2012-09-13  ))))))))))))))))))))))))))))))

.

.

2012-09-12 16:23 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys

2012-09-12 16:23 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 16:23 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll

2012-09-12 16:23 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll

2012-09-12 16:23 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-09-12 16:23 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys

2012-09-12 16:23 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-12 14:41 . 2012-09-12 14:41        --------        d-----w-        C:\_OTL

2012-09-11 05:52 . 2012-09-11 05:52        --------        d-----w-        c:\users\Dennis\AppData\Roaming\Malwarebytes

2012-09-11 05:52 . 2012-09-11 05:52        --------        d-----w-        c:\programdata\Malwarebytes

2012-09-11 05:52 . 2012-09-11 05:52        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-11 05:52 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-08-31 08:17 . 2012-08-31 08:17        --------        d-----w-        c:\program files (x86)\Common Files\Java

2012-08-31 08:17 . 2012-08-31 08:16        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-08-15 05:25 . 2012-05-05 08:36        503808        ----a-w-        c:\windows\system32\srcore.dll

2012-08-15 05:25 . 2012-05-05 07:46        43008        ----a-w-        c:\windows\SysWow64\srclient.dll

2012-08-15 05:25 . 2012-02-11 06:43        751104        ----a-w-        c:\windows\system32\win32spl.dll

2012-08-15 05:25 . 2012-02-11 06:36        559104        ----a-w-        c:\windows\system32\spoolsv.exe

2012-08-15 05:25 . 2012-02-11 06:36        67072        ----a-w-        c:\windows\splwow64.exe

2012-08-15 05:25 . 2012-02-11 05:43        492032        ----a-w-        c:\windows\SysWow64\win32spl.dll

2012-08-15 05:25 . 2012-07-04 22:16        73216        ----a-w-        c:\windows\system32\netapi32.dll

2012-08-15 05:25 . 2012-07-04 22:13        59392        ----a-w-        c:\windows\system32\browcli.dll

2012-08-15 05:25 . 2012-07-04 22:13        136704        ----a-w-        c:\windows\system32\browser.dll

2012-08-15 05:25 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\SysWow64\browcli.dll

2012-08-15 05:25 . 2012-07-18 18:15        3148800        ----a-w-        c:\windows\system32\win32k.sys

2012-08-15 05:25 . 2012-05-14 05:26        956928        ----a-w-        c:\windows\system32\localspl.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-12 20:11 . 2012-07-11 11:51        64462936        ----a-w-        c:\windows\system32\MRT.exe

2012-08-31 08:16 . 2012-07-17 20:33        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-08-23 05:12 . 2012-07-11 10:59        73416        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-23 05:12 . 2012-07-11 10:59        696520        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-27 13:35 . 2012-07-27 13:35        455680        ----a-w-        c:\windows\system32\deploytk.dll

2012-07-27 13:35 . 2012-07-27 13:35        181760        ----a-w-        c:\windows\system32\javaws.exe

2012-07-27 13:35 . 2012-07-27 13:35        165888        ----a-w-        c:\windows\system32\javaw.exe

2012-07-27 13:35 . 2012-07-27 13:35        165888        ----a-w-        c:\windows\system32\java.exe

2012-07-16 18:20 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll

2012-07-16 18:20 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll

2012-07-13 07:18 . 2012-07-13 07:18        31808        ----a-w-        c:\windows\system32\drivers\FNETTBOH_305.SYS

2012-07-11 11:58 . 2012-07-11 11:58        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll

2012-07-11 11:58 . 2012-07-11 11:58        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2012-07-11 11:58 . 2012-07-11 11:58        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-07-11 11:58 . 2012-07-11 11:58        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2012-07-11 11:58 . 2012-07-11 11:58        161792        ----a-w-        c:\windows\SysWow64\msls31.dll

2012-07-11 11:58 . 2012-07-11 11:58        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2012-07-11 11:58 . 2012-07-11 11:58        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll

2012-07-11 11:58 . 2012-07-11 11:58        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx

2012-07-11 11:58 . 2012-07-11 11:58        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll

2012-07-11 11:58 . 2012-07-11 11:58        367104        ----a-w-        c:\windows\SysWow64\html.iec

2012-07-11 11:58 . 2012-07-11 11:58        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2012-07-11 11:58 . 2012-07-11 11:58        152064        ----a-w-        c:\windows\SysWow64\wextract.exe

2012-07-11 11:58 . 2012-07-11 11:58        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2012-07-11 11:58 . 2012-07-11 11:58        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2012-07-11 11:58 . 2012-07-11 11:58        65024        ----a-w-        c:\windows\system32\pngfilt.dll

2012-07-11 11:58 . 2012-07-11 11:58        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll

2012-07-11 11:58 . 2012-07-11 11:58        49664        ----a-w-        c:\windows\system32\imgutil.dll

2012-07-11 11:58 . 2012-07-11 11:58        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll

2012-07-11 11:58 . 2012-07-11 11:58        267776        ----a-w-        c:\windows\system32\ieaksie.dll

2012-07-11 11:58 . 2012-07-11 11:58        222208        ----a-w-        c:\windows\system32\msls31.dll

2012-07-11 11:58 . 2012-07-11 11:58        197120        ----a-w-        c:\windows\system32\msrating.dll

2012-07-11 11:58 . 2012-07-11 11:58        163840        ----a-w-        c:\windows\system32\ieakui.dll

2012-07-11 11:58 . 2012-07-11 11:58        149504        ----a-w-        c:\windows\system32\occache.dll

2012-07-11 11:58 . 2012-07-11 11:58        145920        ----a-w-        c:\windows\system32\iepeers.dll

2012-07-11 11:58 . 2012-07-11 11:58        12288        ----a-w-        c:\windows\system32\mshta.exe

2012-07-11 11:58 . 2012-07-11 11:58        11776        ----a-w-        c:\windows\SysWow64\mshta.exe

2012-07-11 11:58 . 2012-07-11 11:58        114176        ----a-w-        c:\windows\system32\admparse.dll

2012-07-11 11:58 . 2012-07-11 11:58        101888        ----a-w-        c:\windows\SysWow64\admparse.dll

2012-07-11 11:58 . 2012-07-11 11:58        10752        ----a-w-        c:\windows\system32\msfeedssync.exe

2012-07-11 11:58 . 2012-07-11 11:58        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2012-07-11 11:58 . 2012-07-11 11:58        89088        ----a-w-        c:\windows\system32\ie4uinit.exe

2012-07-11 11:58 . 2012-07-11 11:58        85504        ----a-w-        c:\windows\system32\iesetup.dll

2012-07-11 11:58 . 2012-07-11 11:58        82432        ----a-w-        c:\windows\system32\icardie.dll

2012-07-11 11:58 . 2012-07-11 11:58        76800        ----a-w-        c:\windows\system32\tdc.ocx

2012-07-11 11:58 . 2012-07-11 11:58        697344        ----a-w-        c:\windows\system32\msfeeds.dll

2012-07-11 11:58 . 2012-07-11 11:58        603648        ----a-w-        c:\windows\system32\vbscript.dll

2012-07-11 11:58 . 2012-07-11 11:58        534528        ----a-w-        c:\windows\system32\ieapfltr.dll

2012-07-11 11:58 . 2012-07-11 11:58        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2012-07-11 11:58 . 2012-07-11 11:58        452608        ----a-w-        c:\windows\system32\dxtmsft.dll

2012-07-11 11:58 . 2012-07-11 11:58        448512        ----a-w-        c:\windows\system32\html.iec

2012-07-11 11:58 . 2012-07-11 11:58        403248        ----a-w-        c:\windows\system32\iedkcs32.dll

2012-07-11 11:58 . 2012-07-11 11:58        39936        ----a-w-        c:\windows\system32\iernonce.dll

2012-07-11 11:58 . 2012-07-11 11:58        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat

2012-07-11 11:58 . 2012-07-11 11:58        30720        ----a-w-        c:\windows\system32\licmgr10.dll

2012-07-11 11:58 . 2012-07-11 11:58        282112        ----a-w-        c:\windows\system32\dxtrans.dll

2012-07-11 11:58 . 2012-07-11 11:58        249344        ----a-w-        c:\windows\system32\webcheck.dll

2012-07-11 11:58 . 2012-07-11 11:58        165888        ----a-w-        c:\windows\system32\iexpress.exe

2012-07-11 11:58 . 2012-07-11 11:58        160256        ----a-w-        c:\windows\system32\wextract.exe

2012-07-11 11:58 . 2012-07-11 11:58        160256        ----a-w-        c:\windows\system32\ieakeng.dll

2012-07-11 11:58 . 2012-07-11 11:58        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll

2012-07-11 11:58 . 2012-07-11 11:58        111616        ----a-w-        c:\windows\system32\iesysprep.dll

2012-07-11 11:58 . 2012-07-11 11:58        103936        ----a-w-        c:\windows\system32\inseng.dll

2012-07-11 10:23 . 2012-07-11 10:23        466456        ----a-w-        c:\windows\system32\wrap_oal.dll

2012-07-11 10:23 . 2012-07-11 10:23        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll

2012-07-11 10:23 . 2012-07-11 10:23        122904        ----a-w-        c:\windows\system32\OpenAL32.dll

2012-07-11 10:23 . 2012-07-11 10:23        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll

2012-07-11 10:20 . 2012-07-11 10:20        15936        ----a-w-        c:\windows\system32\drivers\FNETURPX.SYS

2012-07-05 20:06 . 2012-07-17 20:33        772544        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2012-06-22 14:32 . 2012-07-16 10:15        405144        ----a-w-        c:\windows\SysWow64\Newtonsoft.Json.Net20.dll

2012-06-19 10:04 . 2012-06-19 10:04        49152        ----a-r-        c:\windows\SysWow64\inetwh32.dll

2012-06-19 10:04 . 2012-06-19 10:04        1044480        ----a-r-        c:\windows\SysWow64\roboex32.dll

2012-06-18 01:12 . 2012-07-11 09:14        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{07C7DE33-E480-427E-A91F-EC64CE59E0CB}\mpengine.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-08-22 5352288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]

"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]

"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250568]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-07-11 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-07-11 79360]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]

R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-07-11 79360]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-07-11 15936]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-07-13 31808]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 05:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-07-27 170496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com

IE: Free YouTube to MP3 Converter - c:\users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\tu0p1fla.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.de

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-09-13  14:44:28 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-09-13 12:44

.

Vor Suchlauf: 8 Verzeichnis(se), 458.759.725.056 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 458.357.850.112 Bytes frei

.

- - End Of File - - 07B3F87476A012F9D78DA51083AEBE91

Ich habe zwei Ordner gefunden, die vorher nicht da waren. $Recycle.bin (leer) sowie Recycler mit einem Ordner (S-1-5-21-1390067357-861567501-682003330-500), dieser schreibgeschützt.

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Gmer habe ich weggelassen, da ich bei euch gelesen habe, dass es mit 64 Bit-Systemen nicht angewendet werden soll.

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 09:05:15 on 14.09.2012
 

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit

Default Browser: Mozilla Corporation Firefox 15.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"CreativeAudioConsole" - "Creative Technology Ltd" - C:\Program Files (x86)\Creative\SB X-Fi MB\AudioCS\CTAudCS.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"AsrAppCharger" (AsrAppCharger) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\AsrAppCharger.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"FNETTBOH_305" (FNETTBOH_305) - "FNet Co., Ltd." - C:\Windows\System32\drivers\FNETTBOH_305.SYS

"FNETURPX" (FNETURPX) - "FNet Co., Ltd." - C:\Windows\System32\drivers\FNETURPX.SYS

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
 

[Internet Explorer]

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} "Java Plug-in 1.6.0_34" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"ccleaner" - "Piriform Ltd" - "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

"CTSyncService" - "Creative Technology Ltd" - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey

"HDAudDeck" - "VIA" - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"UpdReg" - "Creative Technology Ltd." - C:\Windows\UpdReg.EXE

"VolPanel" - "Creative Technology Ltd" - "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)

"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

"Creative ALchemy AL6 Licensing Service" (Creative ALchemy AL6 Licensing Service) - "Creative Labs" - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

"Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

"Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe

"Sound Blaster X-Fi MB Licensing Service" (Sound Blaster X-Fi MB Licensing Service) - "Creative Labs" - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-09-14 09:08:50

-----------------------------

09:08:50.600    OS Version: Windows x64 6.1.7601 Service Pack 1

09:08:50.600    Number of processors: 2 586 0x603

09:08:50.600    ComputerName: DENNIS-PC  UserName: Dennis

09:08:52.163    Initialize success

09:10:43.883    AVAST engine defs: 12091301

09:10:52.180    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

09:10:52.196    Disk 0 Vendor: WDC_WD1600AAJB-00J3A0 01.03E01 Size: 152627MB BusType: 3

09:10:52.196    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000057

09:10:52.196    Disk 1 Vendor: MD05000- 01.0 Size: 476940MB BusType: 3

09:10:52.196    Disk 1 MBR read successfully

09:10:52.211    Disk 1 MBR scan

09:10:52.211    Disk 1 Windows 7 default MBR code

09:10:52.211    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

09:10:52.227    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848

09:10:52.243    Disk 1 scanning C:\Windows\system32\drivers

09:11:00.791    Service scanning

09:11:17.619    Modules scanning

09:11:17.634    Disk 1 trace - called modules:

09:11:18.134    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 

09:11:18.150    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004218700]

09:11:18.150    3 CLASSPNP.SYS[fffff8800166c43f] -> nt!IofCallDriver -> [0xfffffa80040a6e40]

09:11:18.166    5 ACPI.sys[fffff88000fa07a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa80040a5060]

09:11:19.837    AVAST engine scan C:\Windows

09:11:22.306    AVAST engine scan C:\Windows\system32

09:13:46.306    AVAST engine scan C:\Windows\system32\drivers

09:13:57.666    AVAST engine scan C:\Users\Dennis

09:14:51.837    AVAST engine scan C:\ProgramData

09:17:10.931    Scan finished successfully

09:17:41.478    Disk 1 MBR has been saved successfully to "C:\Users\Dennis\Desktop\MBR.dat"

09:17:41.478    The log file has been saved successfully to "C:\Users\Dennis\Desktop\aswMBR.txt"

Ja in der Anleitung steht das noch, aber ich lasse GMER zum Abschluss auch auch 64-Bit-Kisten laufen - also mach bitte einen Lauf mit GMER

Gmer hasn't found any system modification.

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.14.05
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dennis :: DENNIS-PC [Administrator]
 

Schutz: Aktiviert
 

15.09.2012 07:16:55

mbam-log-2012-09-15 (07-16-55).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 456333

Laufzeit: 4 Stunde(n), 28 Minute(n), 28 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 09/15/2012 at 06:16 PM
 

Application Version : 5.5.1016
 

Core Rules Database Version : 9234

Trace Rules Database Version: 7046
 

Scan type       : Complete Scan

Total Scan Time : 06:09:50
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Memory items scanned      : 514

Memory threats detected   : 0

Registry items scanned    : 65136

Registry threats detected : 0

File items scanned        : 177357

File threats detected     : 11
 

Adware.Tracking Cookie

        C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\S8WQ5D3W.txt [ /fastclick.net ]

        C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\MTOMBP0U.txt [ /track.adform.net ]

        C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\CM11FCG7.txt [ /mediaplex.com ]

        C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\ZFFC5EGA.txt [ /apmebf.com ]

        C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\VZ1G8WRA.txt [ /adform.net ]

        C:\USERS\DENNIS\Cookies\S8WQ5D3W.txt [ Cookie:dennis@fastclick.net/ ]

        C:\USERS\DENNIS\Cookies\CM11FCG7.txt [ Cookie:dennis@mediaplex.com/ ]

        C:\USERS\DENNIS\Cookies\ZFFC5EGA.txt [ Cookie:dennis@apmebf.com/ ]

        C:\USERS\DENNIS\Cookies\VZ1G8WRA.txt [ Cookie:dennis@adform.net/ ]

        ad.zanox.com [ C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TU0P1FLA.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TU0P1FLA.DEFAULT\COOKIES.SQLITE ]

Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen neuen Vollscan machen.

Code:

UAC On - Limited User

Wie hast du sasw gestartet? Einfach per Doppelklick?

Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.16.12
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dennis :: DENNIS-PC [Administrator]
 

Schutz: Aktiviert
 

16.09.2012 23:25:19

mbam-log-2012-09-16 (23-25-19).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 456050

Laufzeit: 4 Stunde(n), 24 Minute(n), 39 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

SuperAntiSpyWare habe ich vermutlich normal über Doppelklick geöffnet. Vielleicht startete es auch automatisch nach der Installation. Ich weiß es nicht mehr.

Dann SASW bitte nochmal ausführen - per Rechtsklick als Admin

Code:

SUPERAntiSpyware Scann-Protokoll

hxxp://www.superantispyware.com
 

Generiert 09/19/2012 bei 01:32 AM
 

Version der Applikation : 5.5.1016
 

Version der Kern-Datenbank : 9249

Version der Spur-Datenbank : 7061
 

Scan Art       : kompletter Scann

Totale Scann-Zeit : 02:21:20
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Administrator
 

Gescannte Speicherelemente  : 597

Erfasste Speicher-Bedrohungen  : 0

Gescannte Register-Elemente  : 65265

Erfasste Register-Bedrohungen  : 0

Gescannte Datei-Elemente     : 176221

Erfasste Datei-Elemente   : 0

Sieht ok aus, da wurden nur Cookies gefunden und jetzt nichts mehr.

Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Beschwerden gibt es keine. Ich gehe vor dem Herunterfahren immer mit dem CCleaner einmal drüber. Der löscht auch alle Cookies sowie temporäre Dateien die sich über den Tag so ansammeln. Ansonsten bin ich jetzt mit NoScripts unterwegs und sehr zufrieden. Es ist zwar anfangs etwas mühselig und die Seiten sind mitunter nicht mehr ganz so komfortabel, aber daran gewöhnt man sich auch wieder solange die relevanten Informationen noch erfasst werden können.

Vielen Dank für Deine Hilfe bis hierher. Es ist überhaupt sehr schön, dass es diese kompetente Hilfe im Netz gibt. Meist hört man eher von negativen Schlagzeilen im Zusammenhang mit den Internet. Eben Angriffe durch die Java-Lücke und jetzt aktuell durch den IE.

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.