Trojaner-Board


Gustav86 28.05.2012 09:13

GVU Trojan

Dear members,

I too caught the GVU Trojan yesterday. After searching the forum and consulting acquaintances who were similarly affected, I have now obtained the editor output below with the help of OTLPE - Reatogo. Could you please help me with this?

Thank you and best regards
Gustav86

OTL Extras logfile created on: 5/28/2012 10:27:39 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.42 Gb Total Space | 43.32 Gb Free Space | 19.48% Space Free | Partition Type: NTFS
Drive D: | 10.47 Gb Total Space | 1.79 Gb Free Space | 17.09% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 1.09 Gb Free Space | 57.70% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1267949C-73FC-4692-AA22-176F5E909647}" = Nokia PC Suite
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}" = Oracle Crystal Ball
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}" = EA Download Manager UI
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.65
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"conduitEngine" = Conduit Engine
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EA Download Manager" = EA Download Manager
"EA Installer.1475696318" = EA Installer
"EA Installer.-1801473171" = EA Installer
"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.0.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1267949C-73FC-4692-AA22-176F5E909647}" = Nokia PC Suite
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Uninstall_is1" = Uninstall 1.0.0.1
"vShare" = vShare Plugin
"WildTangent hp Master Uninstall" = My HP Games
"WinZip" = WinZip

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Frank_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

< End of report >




OTL logfile created on: 5/28/2012 10:27:39 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.42 Gb Total Space | 43.32 Gb Free Space | 19.48% Space Free | Partition Type: NTFS
Drive D: | 10.47 Gb Total Space | 1.79 Gb Free Space | 17.09% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 1.09 Gb Free Space | 57.70% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2012/05/25 09:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/03/26 11:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 11:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/01/20 04:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)
SRV - [2009/01/20 04:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/23 11:18:20 | 000,365,952 | ---- | M] () [Auto] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 07:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2012/05/28 02:47:08 | 000,029,904 | ---- | M] () [Kernel | System] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38A382C9-6BB4-41A3-83DD-752CD186697E}\MpKsl1bf8c92b.sys -- (MpKsl1bf8c92b)
DRV - [2012/05/28 02:24:49 | 000,029,904 | ---- | M] () [Kernel | System] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38A382C9-6BB4-41A3-83DD-752CD186697E}\MpKsl9ec2d3c6.sys -- (MpKsl9ec2d3c6)
DRV - [2012/05/27 11:14:16 | 000,029,904 | ---- | M] () [Kernel | System] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38A382C9-6BB4-41A3-83DD-752CD186697E}\MpKsla29fde55.sys -- (MpKsla29fde55)
DRV - [2012/05/27 11:10:34 | 000,029,904 | ---- | M] () [Kernel | System] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38A382C9-6BB4-41A3-83DD-752CD186697E}\MpKslac6546cc.sys -- (MpKslac6546cc)
DRV - [2012/05/27 11:01:37 | 000,029,904 | ---- | M] () [Kernel | System] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38A382C9-6BB4-41A3-83DD-752CD186697E}\MpKsl1e72b999.sys -- (MpKsl1e72b999)
DRV - [2012/05/27 10:57:55 | 000,029,904 | ---- | M] () [Kernel | System] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38A382C9-6BB4-41A3-83DD-752CD186697E}\MpKsl15a976e5.sys -- (MpKsl15a976e5)
DRV - [2012/05/27 09:13:31 | 000,029,904 | ---- | M] () [Kernel | System] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38A382C9-6BB4-41A3-83DD-752CD186697E}\MpKsl0b6f544d.sys -- (MpKsl0b6f544d)
DRV - [2012/03/20 14:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/01/21 08:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/12/30 05:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/12/30 05:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/01/20 04:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/23 07:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/19 18:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/09 09:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/22 01:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/01/23 04:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/06/18 11:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Frank_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKU\Frank_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Frank_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Frank_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Frank_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Frank_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Frank_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\Frank_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\Frank_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Frank_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=1586&gct=hp"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/01/17 09:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Extensions
[2012/01/17 09:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/02/06 10:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\extensions
[2011/07/20 16:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/06 05:49:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/07/20 16:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\extensions\staged-xpis
[2012/04/20 10:29:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com
[2012/04/20 10:29:49 | 000,002,335 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\askcom.xml
[2011/07/20 16:21:56 | 000,002,342 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icq-search.xml
[2008/03/31 03:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.gif
[2008/03/31 03:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.src
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Frank_ON_C\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\Frank_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\Frank_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Frank_ON_C\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\Frank_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Frank_ON_C..\Run: [9txXqR9p2lPiFxH] C:\Users\Frank\AppData\Roaming\Diablo_III.exe ()
O4 - HKU\Frank_ON_C..\Run: [EA Core] File not found
O4 - HKU\Frank_ON_C..\Run: [FilterHost] C:\Users\Frank\AppData\Roaming\mmserver\FilterHost.exe (Synatix GmbH)
O4 - HKU\Frank_ON_C..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\Frank_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\Frank_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Frank_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Frank_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Frank_ON_C Winlogon: Shell - (C:\Users\Frank\AppData\Roaming\Diablo_III.exe) - C:\Users\Frank\AppData\Roaming\Diablo_III.exe ()
O20 - HKU\Frank_ON_C Winlogon: UserInit - (C:\Users\Frank\AppData\Roaming\Diablo_III.exe) - C:\Users\Frank\AppData\Roaming\Diablo_III.exe ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0e162902-ce9a-11de-a7ca-00238be99bdf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LIFENBOOKC.vbs
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 10:04:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/26 06:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/05/26 06:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012/05/26 06:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/05/17 18:06:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/28 02:49:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/28 02:48:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 02:48:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 02:48:40 | 3119,435,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/28 02:47:02 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/27 10:55:20 | 000,245,760 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Diablo_III.exe
[2012/05/27 10:43:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/27 09:14:13 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/05/25 04:55:58 | 000,002,637 | ---- | M] () -- C:\Users\Frank\Desktop\Microsoft Office Word 2003.lnk
[2012/05/24 09:24:25 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/05/24 09:24:25 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/24 09:24:25 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/05/24 09:24:25 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/23 06:28:50 | 000,006,080 | ---- | M] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
[2012/05/22 04:24:47 | 001,293,143 | ---- | M] () -- C:\Users\Frank\Desktop\ausbildung_und_beruf.pdf
[2012/05/09 11:45:09 | 000,000,938 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
[2012/05/07 03:47:05 | 000,627,975 | ---- | M] () -- C:\Users\Frank\Desktop\Infoflyer-WasPromisGlauben[1].pdf
[2012/05/03 11:58:54 | 000,015,872 | ---- | M] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/27 11:09:43 | 3119,435,776 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/27 10:55:33 | 000,245,760 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\Diablo_III.exe
[2012/05/22 04:24:47 | 001,293,143 | ---- | C] () -- C:\Users\Frank\Desktop\ausbildung_und_beruf.pdf
[2012/05/07 03:47:05 | 000,627,975 | ---- | C] () -- C:\Users\Frank\Desktop\Infoflyer-WasPromisGlauben[1].pdf
[2011/11/03 08:43:55 | 000,032,768 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\fin.zup
[2011/06/22 11:37:50 | 000,000,052 | ---- | C] () -- C:\Windows\akShowRTF.INI
[2010/07/11 06:38:53 | 000,006,080 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
[2010/07/11 03:29:27 | 000,000,074 | ---- | C] () -- C:\Users\Frank\AppData\default.pls
[2010/03/08 07:20:39 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/02/10 10:17:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/12/15 12:52:53 | 000,004,096 | -H-- | C] () -- C:\Users\Frank\AppData\Local\keyfile3.drm
[2009/11/01 19:02:31 | 000,000,114 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\wklnhst.dat
[2009/09/02 03:01:53 | 000,015,872 | ---- | C] () -- C:\Users\Frank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/18 08:48:58 | 000,037,694 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\Microsoft Excel.ADR
[2009/08/17 08:08:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/22 22:11:17 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/02/28 10:40:04 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/02/28 10:40:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/28 10:36:37 | 000,630,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/02/28 10:36:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/02/28 10:36:37 | 000,127,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/02/28 10:36:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/02/28 03:48:55 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/10/28 04:35:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008/10/28 04:28:36 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/10/28 04:28:36 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/10/28 04:28:36 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/09/22 01:49:24 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,313,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/07/19 12:45:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox
[2012/02/06 10:53:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft
[2011/09/06 05:49:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/09/27 05:48:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\elsterformular
[2010/02/10 10:17:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze
[2012/05/18 04:19:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ICQ
[2010/02/10 10:15:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\mmserver
[2009/08/24 07:10:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\muvee Technologies
[2010/06/06 14:17:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia
[2011/01/23 16:54:53 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia Multimedia Player
[2009/12/08 08:11:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Oracle
[2010/06/06 13:54:49 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite
[2009/10/22 12:10:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp
[2009/11/01 19:03:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template
[2012/01/17 09:18:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom
[2010/06/06 15:17:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Uniblue
[2009/08/20 14:30:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\WildTangent
[2009/08/17 07:30:22 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/08/17 07:30:22 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/28 12:22:41 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011/10/20 03:09:00 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2011/10/20 11:24:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011/09/27 05:47:46 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009/08/17 07:30:21 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/08/20 14:31:29 | 000,000,000 | ---D | M] -- C:\ProgramData\HipSoft
[2011/07/20 16:57:19 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/01/18 15:00:26 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2009/08/24 07:09:51 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2009/12/08 08:11:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Oracle
[2010/06/06 15:01:15 | 000,000,000 | ---D | M] -- C:\ProgramData\OviInstallerCache
[2010/10/28 11:40:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/08/17 07:30:22 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/06/22 22:14:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/01/17 09:19:47 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2009/08/17 07:30:22 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/08/20 14:30:48 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/02/10 09:51:33 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/02/28 03:38:33 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012/05/28 02:48:55 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

cosinus 29.05.2012 15:54

Does Safe Mode with Networking still work? With an Internet connection?

Safe Mode for cleanup
  • Press the F8 key during startup to bring Windows into Safe Mode.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode

Gustav86 29.05.2012 16:35

Hello Arne,

Thanks for your reply. Unfortunately, Safe Mode with Networking does not work either. After the user logon, a white screen appears with the message "Please wait while the connection is beeing established. Bitte warten Sie während die Verbindung hergestellt wird". However, even after about 15 minutes the system had not established a connection; the screen remained unchanged.

Regards, Gustav86

cosinus 30.05.2012 09:10

Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied as well!!!)

Code:

:OTL
O4 - HKU\Frank_ON_C..\Run: [9txXqR9p2lPiFxH] C:\Users\Frank\AppData\Roaming\Diablo_III.exe ()
O4 - HKU\Frank_ON_C..\Run: [FilterHost] C:\Users\Frank\AppData\Roaming\mmserver\FilterHost.exe (Synatix GmbH)
O7 - HKU\Frank_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Frank_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Frank_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Frank_ON_C Winlogon: Shell - (C:\Users\Frank\AppData\Roaming\Diablo_III.exe) - C:\Users\Frank\AppData\Roaming\Diablo_III.exe ()
O20 - HKU\Frank_ON_C Winlogon: UserInit - (C:\Users\Frank\AppData\Roaming\Diablo_III.exe) - C:\Users\Frank\AppData\Roaming\Diablo_III.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e162902-ce9a-11de-a7ca-00238be99bdf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LIFENBOOKC.vbs
:Files
C:\Users\Frank\AppData\Roaming\mmserver
C:\Users\Frank\AppData\Roaming\Diablo_III.exe
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

After that, Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the movedfiles folder in C:\_OTL into a single file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
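
The kinds of entries the fix script above removes (per-user Winlogon Shell/UserInit values, lockout policies, an autostart with no company name) can be picked out of an OTL log mechanically. The following Python is an added example, not part of the thread and not part of OTL; the sample lines are constructed in the format shown in this thread, and the user name `Alice` and file name `game_setup.exe` are hypothetical.

```python
import re

# Policy values a screen locker sets so the user cannot recover the session.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoDesktop"}

# Line formats as they appear in the OTL log in this thread.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
                   r"(?P<path>.*) \((?P<company>.*)\)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+?): (?P<name>\w+) = (?P<data>\d+)$")
O20_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>Shell|UserInit) - "
                    r"\((?P<data>.*?)\) - (?P<path>.*) \((?P<company>.*)\)$")

# Constructed sample input (not copied from a real machine).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\Alice_ON_C..\Run: [a1B2c3] C:\Users\Alice\AppData\Roaming\game_setup.exe ()
O7 - HKU\Alice_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Alice_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Alice_ON_C Winlogon: Shell - (C:\Users\Alice\AppData\Roaming\game_setup.exe) - C:\Users\Alice\AppData\Roaming\game_setup.exe ()
O20 - HKU\Alice_ON_C Winlogon: UserInit - (C:\Users\Alice\AppData\Roaming\game_setup.exe) - C:\Users\Alice\AppData\Roaming\game_setup.exe ()
""".strip().splitlines()


def in_user_writable_dir(path):
    """True if the path lies somewhere a standard user can normally write."""
    p = path.lower()
    markers = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\",
               "\\documents and settings\\")
    return any(marker in p for marker in markers)


def triage(lines):
    """Return (line_number, line, reasons) for every entry worth a manual look."""
    findings = []
    for number, raw in enumerate(lines, 1):
        line = raw.strip()
        reasons = []

        m = O20_RE.match(line)
        if m:
            # The default Shell/Userinit values live under HKLM; an entry
            # under a user hive (HKU\...) is an override and needs review.
            if not m["hive"].upper().startswith("HKLM"):
                reasons.append(f"per-user Winlogon {m['value']} override")
            if in_user_writable_dir(m["path"]):
                reasons.append("target in user-writable directory")
            if not m["company"]:
                reasons.append("no company name")

        m = O7_RE.match(line)
        if (m and "\\policies\\" in m["key"].lower()
                and m["name"] in LOCKOUT_POLICIES and int(m["data"]) != 0):
            reasons.append(f"lockout policy {m['name']} is set")

        m = O4_RE.match(line)
        if m and in_user_writable_dir(m["path"]) and not m["company"]:
            reasons.append(
                "autostart from user-writable directory with no company name")

        if reasons:
            findings.append((number, line, reasons))
    return findings


if __name__ == "__main__":
    for number, line, reasons in triage(SAMPLE_LOG):
        print(f"line {number}: {'; '.join(reasons)}")
        print(f"    {line}")
```

A hit only marks a line for manual review; which entries actually go into a fix script still has to be decided for the individual machine, as the note in the post above says.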

Gustav86 30.05.2012 10:16

Hello Arne,

thanks for your reply. I have carried out the steps. On restart, after logging in, the "Computer" window (formerly "My Computer") now appears, and I can access my data there. However, the rest of the screen is black; the desktop background is missing.

OTLPE gave me the following after the fix:

========== OTL ==========
Registry value HKEY_USERS\Frank_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\9txXqR9p2lPiFxH not found.
File C:\Users\Frank\AppData\Roaming\Diablo_III.exe not found.
Registry value HKEY_USERS\Frank_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\FilterHost not found.
File C:\Users\Frank\AppData\Roaming\mmserver\FilterHost.exe not found.
Registry value HKEY_USERS\Frank_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop not found.
Registry value HKEY_USERS\Frank_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\Frank_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_USERS\Frank_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Frank\AppData\Roaming\Diablo_III.exe deleted successfully.
File C:\Users\Frank\AppData\Roaming\Diablo_III.exe not found.
Registry value HKEY_USERS\Frank_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Frank\AppData\Roaming\Diablo_III.exe deleted successfully.
File C:\Users\Frank\AppData\Roaming\Diablo_III.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e162902-ce9a-11de-a7ca-00238be99bdf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e162902-ce9a-11de-a7ca-00238be99bdf}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LIFENBOOKC.vbs not found.
========== FILES ==========
File\Folder C:\Users\Frank\AppData\Roaming\mmserver not found.
File\Folder C:\Users\Frank\AppData\Roaming\Diablo_III.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 05302012_120130


Regards
Gustav86

cosinus 30.05.2012 11:34

You did not upload the MovedFiles!

Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

Gustav86 30.05.2012 13:22

Hello Arne,

I have now uploaded the movedfiles and run unhide.exe. The following message appeared:

Your files should now be visible. If you are still missing Start Menu Items please temporarily disable your Anti virus or security programs and try again in the event that they interfered with the restoral process. Once completed its advidsed that you reboot your computer for all the settings to function properly. A logfile containing information about what actions unhide performed can be found on your Windows Desktop.


Unfortunately, even after a restart I still cannot see the desktop.

Many thanks in advance for everything,

Regards, Gustav86

cosinus 30.05.2012 13:36

Please now run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Gustav86 31.05.2012 11:50

Hello Arne,

many thanks for your help! Here is the Malwarebytes log:

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.31.01

Windows Vista Service Pack 1 x86
Internet Explorer 8.0.6001.19088
Frank :: FRANK-LAPTOP [Administrator]

31.05.2012 09:43:17
mbam-log-2012-05-31 (09-43-17).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391356
Laufzeit: 2 Stunde(n), 38 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen.A) -> Bösartig: (Explorer.exe,C:\Users\Frank\AppData\Roaming\Diablo_III.exe) Gut: (Explorer.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\Frank\M-1-74-6482-7942-8945 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\Frank\AppData\Local\Temp\1d2sdfsd90oipoipo3470.exe (Trojan.Winlock.G) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\05302012_123438\C_Users\Frank\AppData\Roaming\Diablo_III.exe (Trojan.Winlock.G) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


After the restart required by the program, the desktop background is now visible again. I will now run the ESET Online Scanner.

Regards
Gustav86

The scan with ESET Online is now finished as well:

The content of log.txt in the editor reads:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Now everything looks "normal" again :)

Many thanks in advance,
Regards, Gustav86

Gustav86 04.06.2012 18:43

Hello Arne,
hello everyone,

I wanted to thank you all once again very warmly for the fast and, above all, good help. I can only recommend you!!!

Regards
Gustav86

cosinus 04.06.2012 21:06

Sorry, I had overlooked your thread; we were not finished here yet

You probably did ESET wrong; there was a big note about that specifically

Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator

Gustav86 06.06.2012 09:47

Hello Arne,

sorry, I completely overlooked that. Today I ran ESET once more as "Administrator" and got the following content of log.txt in the editor:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a80d16c94044314b8eb33ae4ec9c9d73
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-06 08:41:35
# local_time=2012-06-06 10:41:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 24525816 176494907 0 0
# compatibility_mode=8192 67108863 100 0 500630 500630 0 0
# scanned=216070
# found=4
# cleaned=0
# scan_time=9916
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe        a variant of Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Frank\AppData\Local\Temp\jar_cache7025838889483181288.tmp        a variant of Java/Exploit.Agent.NBZ trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles.zip        a variant of Win32/Injector.RXU trojan (unable to clean)        00000000000000000000000000000000        I

Many thanks in advance,

best regards
Gustav86

cosinus 06.06.2012 14:05

Quote:

C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
Hands off registry cleaners!!

The registry is the brain of the system. If the brain does not work, the rest no longer really works either.
We read often enough from people seeking help that their system no longer starts after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes no difference at all whether a few orphaned registry entries are on the system or not.
  • The constantly touted speed-up of the system is also only partly true. You would not notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.


I have two questions before we continue

1.) Does Windows' normal mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Gustav86 06.06.2012 14:14

Hello Arne,

Windows' normal mode works again without restrictions, and I could not find any missing programs or empty folders under All Programs.

Best regards
Gustav86

cosinus 06.06.2012 15:05

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you do not already have it, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Gustav86 06.06.2012 17:42

Hello Arne,

the OTL log reads as follows:

OTL log file:
Code:

OTL logfile created on: 06.06.2012 18:21:43 - Run 1
OTL by OldTimer - Version 3.2.46.1    Folder = C:\Users\Frank\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,90 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 54,11% Memory free
6,04 Gb Paging File | 4,84 Gb Available in Paging File | 80,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 45,33 Gb Free Space | 20,38% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: FRANK-LAPTOP | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.06 18:19:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
PRC - [2012.05.25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.11.13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009.02.28 17:05:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.20 10:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.01.20 10:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe
PRC - [2009.01.20 10:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe
PRC - [2008.12.23 17:18:20 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe
PRC - [2005.04.20 09:57:18 | 000,847,872 | ---- | M] (Time Information Services Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2005.03.31 09:30:52 | 001,106,944 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe
PRC - [2005.03.22 12:29:14 | 000,468,992 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2005.03.22 12:27:16 | 000,097,792 | ---- | M] (Nokia.) -- C:\Programme\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2005.03.22 09:39:34 | 000,167,936 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.16 16:22:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.06.16 16:21:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.06.16 16:21:05 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2011.06.16 16:21:05 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2011.06.16 16:21:05 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2011.06.16 16:20:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.06.16 15:40:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.16 15:40:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.16 15:40:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.16 15:39:45 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011.06.16 15:39:34 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011.06.16 15:39:33 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011.06.16 15:39:10 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011.06.16 15:38:55 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011.06.16 15:38:42 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.16 15:37:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010.09.22 21:12:20 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2008.11.18 12:03:14 | 000,032,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.11.18 11:57:08 | 000,007,168 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.11.18 11:57:06 | 000,057,344 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.11.18 11:56:58 | 000,118,784 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.11.18 11:56:56 | 000,010,240 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.11.18 11:56:40 | 000,040,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.11.18 11:56:40 | 000,028,672 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.11.18 11:56:40 | 000,005,632 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008.09.23 17:21:22 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2008.07.27 20:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2008.07.27 20:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008.07.27 20:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2008.07.04 04:03:00 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.07.04 04:03:00 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.01.21 04:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2005.03.08 21:10:08 | 000,016,384 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\Lang\LaunchApplication_ger.NLR
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.01.20 10:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)
SRV - [2009.01.20 10:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)
SRV - [2008.12.23 17:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.06.20 03:14:31 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:25:11 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008.01.21 04:24:20 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008.01.21 04:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.19 13:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.01.21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.01.20 10:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.12.23 13:47:52 | 000,138,240 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.12.20 00:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 07:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.21 04:23:51 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes,DefaultScope = {FB44AB68-5D74-45C7-B381-40F8A01904D5}
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{006A2DB5-E94A-4797-AAFB-260563B021B4}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{0233393A-1A68-46FF-8D0E-11A7FCE3624A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=5610aea9-c891-4438-a2c5-5dfe15d57b71&apn_sauid=89A1255E-E002-4582-A641-B832C9994B1B
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{537638E9-7D11-4F2D-B0BF-2206C3008E23}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=1586&gct=hp"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2012.01.17 15:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions
[2012.01.17 15:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.02.06 16:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions
[2011.07.20 22:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.06 11:49:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.20 22:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\staged-xpis
[2012.04.20 16:29:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com
[2012.04.20 16:29:49 | 000,002,335 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\askcom.xml
[2011.07.20 22:21:56 | 000,002,342 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icq-search.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.src
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
 
========== Chrome  ==========
 
CHR - default_search_provider: AOL Suche ()
CHR - default_search_provider: search_url = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
CHR - default_search_provider: suggest_url =
 
O1 HOSTS File: ([2012.05.30 18:01:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [9txXqR9p2lPiFxH] C:\Users\Frank\AppData\Roaming\Diablo_III.exe File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DataLayer] C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{259FA58F-84B4-4533-92E0-EC6F4664C188}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{591F74AA-EF59-4548-9380-26E5E01ABDE4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Frank\AppData\Roaming\Diablo_III.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {Gusfa7ep-lUCJ-Ed2r-Yvs8-fYwL6tnW7CxX} -
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.06 18:19:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2012.06.06 13:11:49 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\MAXQDA10
[2012.06.06 13:11:49 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\MAXQDA10
[2012.06.06 13:03:56 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 10
[2012.06.06 13:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MAXQDA10
[2012.06.06 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\MAXQDA10
[2012.05.31 12:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.31 10:19:24 | 000,000,000 | R--D | C] -- C:\Users\Frank\Music
[2012.05.30 18:34:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.30 15:19:42 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Malwarebytes
[2012.05.30 15:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.30 15:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.30 15:19:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.30 15:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.30 12:56:34 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Frank\Desktop\unhide.exe
[2012.05.28 16:04:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.05.18 00:06:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.06 18:19:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2012.06.06 18:10:41 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.06 18:10:41 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.06 18:10:41 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.06 18:10:41 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.06 17:43:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.06 16:34:14 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.06.06 16:33:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.06 16:32:05 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 16:32:05 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 16:31:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.06 16:31:51 | 3119,435,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.06 13:03:56 | 000,000,804 | ---- | M] () -- C:\Users\Frank\Desktop\MAXQDA 10.lnk
[2012.06.05 21:54:04 | 000,006,080 | ---- | M] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
[2012.06.05 16:42:51 | 000,002,665 | ---- | M] () -- C:\Users\Frank\Desktop\Microsoft Office Excel 2003.lnk
[2012.06.05 16:12:09 | 000,002,637 | ---- | M] () -- C:\Users\Frank\Desktop\Microsoft Office Word 2003.lnk
[2012.06.01 12:37:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job
[2012.05.30 12:53:12 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Frank\Desktop\unhide.exe
[2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.06 13:03:56 | 000,000,804 | ---- | C] () -- C:\Users\Frank\Desktop\MAXQDA 10.lnk
[2012.06.01 11:19:09 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job
[2012.05.30 12:46:21 | 3119,435,776 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.03 14:43:55 | 000,032,768 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\fin.zup
[2011.06.22 17:37:50 | 000,000,052 | ---- | C] () -- C:\Windows\akShowRTF.INI
[2010.07.11 12:38:53 | 000,006,080 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.07.19 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox
[2012.02.06 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft
[2011.09.06 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.27 11:48:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\elsterformular
[2010.02.10 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze
[2012.05.18 10:19:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ICQ
[2012.06.06 13:13:54 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MAXQDA10
[2009.08.24 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\muvee Technologies
[2010.06.06 20:17:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia
[2011.01.23 22:54:53 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia Multimedia Player
[2009.12.08 14:11:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Oracle
[2010.06.06 19:54:49 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite
[2009.10.22 18:10:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp
[2009.11.02 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template
[2012.01.17 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom
[2010.06.06 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Uniblue
[2009.08.20 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\WildTangent
[2012.06.06 15:45:51 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.22 10:54:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Adobe
[2010.07.11 09:31:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Ahead
[2010.04.12 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\CyberLink
[2011.07.19 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox
[2012.02.06 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft
[2011.09.06 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.27 11:48:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\elsterformular
[2010.08.14 21:42:42 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Google
[2010.02.10 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze
[2010.12.03 12:20:31 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\hewlett-packard
[2009.08.17 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HP TCS
[2012.05.18 10:19:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ICQ
[2009.08.17 13:41:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Identities
[2009.08.17 17:29:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Macromedia
[2012.05.30 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Malwarebytes
[2012.06.06 13:13:54 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MAXQDA10
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Media Center Programs
[2012.05.30 13:57:26 | 000,000,000 | --SD | M] -- C:\Users\Frank\AppData\Roaming\Microsoft
[2011.07.20 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mozilla
[2009.08.24 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\muvee Technologies
[2010.06.06 20:17:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia
[2011.01.23 22:54:53 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia Multimedia Player
[2009.12.08 14:11:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Oracle
[2010.06.06 19:54:49 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite
[2009.08.19 20:52:48 | 000,000,000 | R--D | M] -- C:\Users\Frank\AppData\Roaming\SecuROM
[2009.10.22 18:10:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp
[2009.11.02 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template
[2012.01.17 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom
[2010.06.06 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Uniblue
[2009.08.20 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\WildTangent
 
< %APPDATA%\*.exe /s >
[2010.01.18 16:35:26 | 000,827,392 | ---- | M] (Synatix GmbH) -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze\foxstart.exe
[2010.01.18 16:35:26 | 000,827,392 | ---- | M] (Synatix GmbH) -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2010.01.22 10:54:19 | 000,038,784 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.02 15:41:54 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.12.08 23:01:25 | 000,134,494 | R--- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\ARPPRODUCTICON.exe
[2009.12.08 23:01:25 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut1_8F266050CB7649059B61E68BB3036950.exe
[2009.12.08 23:01:25 | 000,134,494 | R--- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut21_F0244523DD484845ADC3AA0A9FB72941.exe
[2009.12.08 23:01:25 | 000,176,128 | R--- | M] (Macrovision Corporation) -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut2_8F266050CB7649059B61E68BB3036950.exe
[2012.01.17 15:21:44 | 020,398,464 | ---- | M] (TomTom International B.V.) -- C:\Users\Frank\AppData\Roaming\TomTom\HOME\Profiles\55y9q5ly.default\Updates\v2_8_2_2264_win.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys
[2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          Schliesse bitte nun alle Programme. (Wichtig)  >
 
< Klicke nun bitte auf den Quick Scan Button.  >

< End of report >

--- --- ---


Regards, Gustav86

cosinus 07.06.2012 11:24

Quote:

< %systemroot%\system32\*.dll /lockedfiles >

< Schliesse bitte nun alle Programme. (Wichtig) >

< Klicke nun bitte auf den Quick Scan Button. >
You copied "garbage" into OTL and not the script 1:1! Please repeat this, do it correctly and work more carefully!

Gustav86 07.06.2012 14:02

Hello Arne,

sorry for the incorrect input. Here is the new OTL log:

OTL Logfile:
Code:

OTL logfile created on: 07.06.2012 14:38:13 - Run 2
OTL by OldTimer - Version 3.2.46.1    Folder = C:\Users\Frank\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,90 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 66,75% Memory free
6,04 Gb Paging File | 4,91 Gb Available in Paging File | 81,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 43,21 Gb Free Space | 19,43% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: FRANK-LAPTOP | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.06 18:19:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
PRC - [2012.05.25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.11.13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009.02.28 17:05:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.20 10:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.01.20 10:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe
PRC - [2009.01.20 10:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe
PRC - [2008.12.23 17:18:20 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe
PRC - [2005.04.20 09:57:18 | 000,847,872 | ---- | M] (Time Information Services Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2005.03.31 09:30:52 | 001,106,944 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe
PRC - [2005.03.22 12:29:14 | 000,468,992 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2005.03.22 12:27:16 | 000,097,792 | ---- | M] (Nokia.) -- C:\Programme\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2005.03.22 09:39:34 | 000,167,936 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.16 16:22:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.06.16 16:21:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.06.16 16:21:05 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2011.06.16 16:21:05 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2011.06.16 16:21:05 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2011.06.16 16:20:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.06.16 15:40:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.16 15:40:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.16 15:40:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.16 15:39:45 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011.06.16 15:39:34 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011.06.16 15:39:33 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011.06.16 15:39:10 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011.06.16 15:38:55 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011.06.16 15:38:42 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.16 15:37:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.11.18 12:03:14 | 000,032,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.11.18 11:57:08 | 000,007,168 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.11.18 11:57:06 | 000,057,344 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.11.18 11:56:58 | 000,118,784 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.11.18 11:56:56 | 000,010,240 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.11.18 11:56:40 | 000,040,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.11.18 11:56:40 | 000,028,672 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.11.18 11:56:40 | 000,005,632 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008.09.23 17:21:22 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2008.07.27 20:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2008.07.27 20:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008.07.27 20:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2008.07.04 04:03:00 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.07.04 04:03:00 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.01.21 04:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2005.03.08 21:10:08 | 000,016,384 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\Lang\LaunchApplication_ger.NLR
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.01.20 10:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)
SRV - [2009.01.20 10:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)
SRV - [2008.12.23 17:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.06.20 03:14:31 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:25:11 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008.01.21 04:24:20 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008.01.21 04:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.19 13:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.06.07 11:35:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6FF42715-4E66-4B82-A803-4BE91B3331F0}\MpKsl83efc660.sys -- (MpKsl83efc660)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.01.21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.01.20 10:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.12.23 13:47:52 | 000,138,240 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.12.20 00:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 07:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.21 04:23:51 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes,DefaultScope = {FB44AB68-5D74-45C7-B381-40F8A01904D5}
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{006A2DB5-E94A-4797-AAFB-260563B021B4}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{0233393A-1A68-46FF-8D0E-11A7FCE3624A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=5610aea9-c891-4438-a2c5-5dfe15d57b71&apn_sauid=89A1255E-E002-4582-A641-B832C9994B1B
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{537638E9-7D11-4F2D-B0BF-2206C3008E23}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=1586&gct=hp"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2012.01.17 15:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions
[2012.01.17 15:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.02.06 16:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions
[2011.07.20 22:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.06 11:49:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.20 22:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\staged-xpis
[2012.04.20 16:29:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com
[2012.04.20 16:29:49 | 000,002,335 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\askcom.xml
[2011.07.20 22:21:56 | 000,002,342 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icq-search.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.src
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
 
========== Chrome  ==========
 
CHR - default_search_provider: AOL Suche ()
CHR - default_search_provider: search_url = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
CHR - default_search_provider: suggest_url =
 
O1 HOSTS File: ([2012.05.30 18:01:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [9txXqR9p2lPiFxH] C:\Users\Frank\AppData\Roaming\Diablo_III.exe File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DataLayer] C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{259FA58F-84B4-4533-92E0-EC6F4664C188}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{591F74AA-EF59-4548-9380-26E5E01ABDE4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Frank\AppData\Roaming\Diablo_III.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {Gusfa7ep-lUCJ-Ed2r-Yvs8-fYwL6tnW7CxX} -
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.06 18:19:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2012.06.06 13:11:49 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\MAXQDA10
[2012.06.06 13:11:49 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\MAXQDA10
[2012.06.06 13:03:56 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 10
[2012.06.06 13:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MAXQDA10
[2012.06.06 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\MAXQDA10
[2012.05.31 12:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.31 10:19:24 | 000,000,000 | R--D | C] -- C:\Users\Frank\Music
[2012.05.30 18:34:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.30 15:19:42 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Malwarebytes
[2012.05.30 15:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.30 15:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.30 15:19:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.30 15:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.30 12:56:34 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Frank\Desktop\unhide.exe
[2012.05.28 16:04:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.05.18 00:06:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.07 14:43:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.07 14:33:28 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.07 14:33:28 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.07 14:33:28 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.07 14:33:28 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.07 13:35:02 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.07 13:35:02 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.07 11:38:06 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.06.07 11:37:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.07 11:34:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.07 11:34:48 | 3119,435,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.06 18:19:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
[2012.06.06 13:03:56 | 000,000,804 | ---- | M] () -- C:\Users\Frank\Desktop\MAXQDA 10.lnk
[2012.06.05 21:54:04 | 000,006,080 | ---- | M] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
[2012.06.05 16:42:51 | 000,002,665 | ---- | M] () -- C:\Users\Frank\Desktop\Microsoft Office Excel 2003.lnk
[2012.06.05 16:12:09 | 000,002,637 | ---- | M] () -- C:\Users\Frank\Desktop\Microsoft Office Word 2003.lnk
[2012.06.01 12:37:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job
[2012.05.30 12:53:12 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Frank\Desktop\unhide.exe
[2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.06 13:03:56 | 000,000,804 | ---- | C] () -- C:\Users\Frank\Desktop\MAXQDA 10.lnk
[2012.06.01 11:19:09 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job
[2012.05.30 12:46:21 | 3119,435,776 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.03 14:43:55 | 000,032,768 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\fin.zup
[2011.06.22 17:37:50 | 000,000,052 | ---- | C] () -- C:\Windows\akShowRTF.INI
[2010.07.11 12:38:53 | 000,006,080 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.07.19 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox
[2012.02.06 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft
[2011.09.06 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.27 11:48:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\elsterformular
[2010.02.10 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze
[2012.05.18 10:19:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ICQ
[2012.06.06 13:13:54 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MAXQDA10
[2009.08.24 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\muvee Technologies
[2010.06.06 20:17:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia
[2011.01.23 22:54:53 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia Multimedia Player
[2009.12.08 14:11:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Oracle
[2010.06.06 19:54:49 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite
[2009.10.22 18:10:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp
[2009.11.02 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template
[2012.01.17 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom
[2010.06.06 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Uniblue
[2009.08.20 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\WildTangent
[2012.06.06 22:29:28 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.22 10:54:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Adobe
[2010.07.11 09:31:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Ahead
[2010.04.12 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\CyberLink
[2011.07.19 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox
[2012.02.06 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft
[2011.09.06 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.27 11:48:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\elsterformular
[2010.08.14 21:42:42 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Google
[2010.02.10 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze
[2010.12.03 12:20:31 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\hewlett-packard
[2009.08.17 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HP TCS
[2012.05.18 10:19:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ICQ
[2009.08.17 13:41:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Identities
[2009.08.17 17:29:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Macromedia
[2012.05.30 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Malwarebytes
[2012.06.06 13:13:54 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MAXQDA10
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Media Center Programs
[2012.05.30 13:57:26 | 000,000,000 | --SD | M] -- C:\Users\Frank\AppData\Roaming\Microsoft
[2011.07.20 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mozilla
[2009.08.24 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\muvee Technologies
[2010.06.06 20:17:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia
[2011.01.23 22:54:53 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia Multimedia Player
[2009.12.08 14:11:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Oracle
[2010.06.06 19:54:49 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite
[2009.08.19 20:52:48 | 000,000,000 | R--D | M] -- C:\Users\Frank\AppData\Roaming\SecuROM
[2009.10.22 18:10:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp
[2009.11.02 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template
[2012.01.17 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom
[2010.06.06 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Uniblue
[2009.08.20 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\WildTangent
 
< %APPDATA%\*.exe /s >
[2010.01.18 16:35:26 | 000,827,392 | ---- | M] (Synatix GmbH) -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze\foxstart.exe
[2010.01.18 16:35:26 | 000,827,392 | ---- | M] (Synatix GmbH) -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2010.01.22 10:54:19 | 000,038,784 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.02 15:41:54 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.12.08 23:01:25 | 000,134,494 | R--- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\ARPPRODUCTICON.exe
[2009.12.08 23:01:25 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut1_8F266050CB7649059B61E68BB3036950.exe
[2009.12.08 23:01:25 | 000,134,494 | R--- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut21_F0244523DD484845ADC3AA0A9FB72941.exe
[2009.12.08 23:01:25 | 000,176,128 | R--- | M] (Macrovision Corporation) -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut2_8F266050CB7649059B61E68BB3036950.exe
[2012.01.17 15:21:44 | 020,398,464 | ---- | M] (TomTom International B.V.) -- C:\Users\Frank\AppData\Roaming\TomTom\HOME\Profiles\55y9q5ly.default\Updates\v2_8_2_2264_win.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys
[2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

--- --- ---


Regards, Gustav

cosinus 07.06.2012 15:41

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes,DefaultScope = {FB44AB68-5D74-45C7-B381-40F8A01904D5}
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{006A2DB5-E94A-4797-AAFB-260563B021B4}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{0233393A-1A68-46FF-8D0E-11A7FCE3624A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=5610aea9-c891-4438-a2c5-5dfe15d57b71&apn_sauid=89A1255E-E002-4582-A641-B832C9994B1B
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{537638E9-7D11-4F2D-B0BF-2206C3008E23}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://de.ask.com/?l=dis&o=1586&gct=hp"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - user.js - File not found
[2012.04.20 16:29:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com
[2012.04.20 16:29:49 | 000,002,335 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\askcom.xml
[2011.07.20 22:21:56 | 000,002,342 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icq-search.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.src
CHR - default_search_provider: AOL Suche ()
CHR - default_search_provider: search_url = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
CHR - default_search_provider: suggest_url =
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [9txXqR9p2lPiFxH] C:\Users\Frank\AppData\Roaming\Diablo_III.exe File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
:Files
C:\Users\Frank\AppData\Roaming\Gutscheinmieze
C:\Programme\Ask.com
C:\Programme\ICQ6Toolbar
C:\Programme\Common Files\Spigot
C:\Programme\Application Updater
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Gustav86 07.06.2012 17:26

Hello Arne,

attached is the text from the log file:

Code:

All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Programme\Application Updater\ApplicationUpdater.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Programme\DVDVideoSoft\tbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB44AB68-5D74-45C7-B381-40F8A01904D5}\ not found.
HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006A2DB5-E94A-4797-AAFB-260563B021B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006A2DB5-E94A-4797-AAFB-260563B021B4}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0233393A-1A68-46FF-8D0E-11A7FCE3624A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0233393A-1A68-46FF-8D0E-11A7FCE3624A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{537638E9-7D11-4F2D-B0BF-2206C3008E23}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{537638E9-7D11-4F2D-B0BF-2206C3008E23}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB44AB68-5D74-45C7-B381-40F8A01904D5}\ not found.
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://de.ask.com/?l=dis&o=1586&gct=hp" removed from browser.startup.homepage
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: 0 removed from network.proxy.type
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p=" removed from keyword.URL
Prefs.js: "chr-greentree_ff&type=302398&ilc=12" removed from browser.search.param.yahoo-fr
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\askcom.xml moved successfully.
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icq-search.xml moved successfully.
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.src moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
C:\Programme\vShare\vshare_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ deleted successfully.
C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
File C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9txXqR9p2lPiFxH deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
========== FILES ==========
C:\Users\Frank\AppData\Roaming\Gutscheinmieze folder moved successfully.
File\Folder C:\Programme\Ask.com not found.
File\Folder C:\Programme\ICQ6Toolbar not found.
C:\Programme\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Programme\Common Files\Spigot\Search Settings folder moved successfully.
C:\Programme\Common Files\Spigot folder moved successfully.
File\Folder C:\Programme\Application Updater not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Frank
->Temp folder emptied: 3496530660 bytes
->Temporary Internet Files folder emptied: 2049939059 bytes
->Java cache emptied: 8740581 bytes
->FireFox cache emptied: 4466602 bytes
->Flash cache emptied: 3846175 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 345316770 bytes
RecycleBin emptied: 2292912090 bytes
 
Total Files Cleaned = 7.822,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Frank
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.1 log created on 06072012_181317

Files\Folders moved on Reboot...
C:\Users\Frank\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

Regards, Gustav

cosinus 07.06.2012 20:52

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Gustav86 08.06.2012 12:32

Hello Arne,

here is the report:

Code:


13:22:41.0732 4272        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:22:41.0966 4272        ============================================================
13:22:41.0966 4272        Current date / time: 2012/06/08 13:22:41.0966
13:22:41.0966 4272        SystemInfo:
13:22:41.0966 4272       
13:22:41.0966 4272        OS Version: 6.0.6001 ServicePack: 1.0
13:22:41.0966 4272        Product type: Workstation
13:22:41.0966 4272        ComputerName: FRANK-LAPTOP
13:22:41.0966 4272        UserName: Frank
13:22:41.0966 4272        Windows directory: C:\Windows
13:22:41.0966 4272        System windows directory: C:\Windows
13:22:41.0966 4272        Processor architecture: Intel x86
13:22:41.0966 4272        Number of processors: 2
13:22:41.0966 4272        Page size: 0x1000
13:22:41.0966 4272        Boot type: Normal boot
13:22:41.0966 4272        ============================================================
13:22:43.0463 4272        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:22:43.0541 4272        ============================================================
13:22:43.0541 4272        \Device\Harddisk0\DR0:
13:22:43.0541 4272        MBR partitions:
13:22:43.0541 4272        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BCD4800
13:22:43.0541 4272        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BCD5000, BlocksNum 0x14EF000
13:22:43.0541 4272        ============================================================
13:22:43.0650 4272        C: <-> \Device\Harddisk0\DR0\Partition0
13:22:43.0713 4272        D: <-> \Device\Harddisk0\DR0\Partition1
13:22:43.0713 4272        ============================================================
13:22:43.0713 4272        Initialize success
13:22:43.0713 4272        ============================================================
13:23:38.0438 6076        ============================================================
13:23:38.0438 6076        Scan started
13:23:38.0438 6076        Mode: Manual; SigCheck; TDLFS;
13:23:38.0438 6076        ============================================================
13:23:40.0684 6076        acedrv11        (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
13:23:40.0840 6076        acedrv11 - ok
13:23:41.0152 6076        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
13:23:41.0168 6076        ACPI - ok
13:23:41.0277 6076        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:23:41.0324 6076        adp94xx - ok
13:23:41.0370 6076        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:23:41.0402 6076        adpahci - ok
13:23:41.0417 6076        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:23:41.0433 6076        adpu160m - ok
13:23:41.0448 6076        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:23:41.0464 6076        adpu320 - ok
13:23:41.0495 6076        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:23:41.0714 6076        AeLookupSvc - ok
13:23:42.0026 6076        AESTFilters    (087b04ca45e2f059a55709b0b8f95ea9) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
13:23:42.0119 6076        AESTFilters - ok
13:23:42.0291 6076        AFD            (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
13:23:42.0416 6076        AFD - ok
13:23:42.0478 6076        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:23:42.0494 6076        agp440 - ok
13:23:42.0525 6076        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:23:42.0556 6076        aic78xx - ok
13:23:42.0743 6076        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:23:42.0821 6076        ALG - ok
13:23:42.0915 6076        aliide          (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
13:23:42.0930 6076        aliide - ok
13:23:42.0993 6076        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:23:43.0008 6076        amdagp - ok
13:23:43.0040 6076        amdide          (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
13:23:43.0055 6076        amdide - ok
13:23:43.0086 6076        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:23:43.0149 6076        AmdK7 - ok
13:23:43.0289 6076        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:23:43.0352 6076        AmdK8 - ok
13:23:43.0430 6076        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:23:43.0523 6076        Appinfo - ok
13:23:43.0570 6076        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:23:43.0586 6076        arc - ok
13:23:43.0601 6076        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:23:43.0617 6076        arcsas - ok
13:23:43.0648 6076        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:23:43.0710 6076        AsyncMac - ok
13:23:43.0851 6076        atapi          (9c0e70031905adbf94edb9ea14af943b) C:\Windows\system32\drivers\atapi.sys
13:23:43.0866 6076        atapi - ok
13:23:44.0381 6076        athr            (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys
13:23:44.0506 6076        athr - ok
13:23:44.0615 6076        AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
13:23:44.0709 6076        AudioEndpointBuilder - ok
13:23:44.0709 6076        Audiosrv        (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
13:23:44.0756 6076        Audiosrv - ok
13:23:44.0849 6076        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:23:44.0912 6076        Beep - ok
13:23:45.0083 6076        BFE            (d3e6d78285529962349a7f1617035938) C:\Windows\System32\bfe.dll
13:23:45.0161 6076        BFE - ok
13:23:45.0458 6076        BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
13:23:45.0551 6076        BITS - ok
13:23:45.0629 6076        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:23:45.0676 6076        blbdrive - ok
13:23:45.0770 6076        bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
13:23:45.0832 6076        bowser - ok
13:23:45.0879 6076        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:23:45.0910 6076        BrFiltLo - ok
13:23:45.0957 6076        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:23:46.0019 6076        BrFiltUp - ok
13:23:46.0050 6076        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:23:46.0128 6076        Browser - ok
13:23:46.0191 6076        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:23:46.0425 6076        Brserid - ok
13:23:46.0487 6076        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:23:46.0565 6076        BrSerWdm - ok
13:23:46.0596 6076        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:23:46.0674 6076        BrUsbMdm - ok
13:23:46.0752 6076        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:23:46.0846 6076        BrUsbSer - ok
13:23:46.0893 6076        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:23:46.0971 6076        BTHMODEM - ok
13:23:47.0002 6076        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:23:47.0064 6076        cdfs - ok
13:23:47.0096 6076        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
13:23:47.0158 6076        cdrom - ok
13:23:47.0205 6076        CertPropSvc    (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
13:23:47.0252 6076        CertPropSvc - ok
13:23:47.0283 6076        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:23:47.0298 6076        circlass - ok
13:23:47.0345 6076        CLFS            (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
13:23:47.0361 6076        CLFS - ok
13:23:47.0423 6076        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:23:47.0439 6076        clr_optimization_v2.0.50727_32 - ok
13:23:47.0579 6076        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:23:47.0610 6076        clr_optimization_v4.0.30319_32 - ok
13:23:47.0626 6076        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:23:47.0673 6076        CmBatt - ok
13:23:47.0704 6076        cmdide          (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
13:23:47.0720 6076        cmdide - ok
13:23:48.0406 6076        Com4QLBEx      (2f27104f5d6ed63fdac38cacb9d19dfd) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
13:23:48.0437 6076        Com4QLBEx - ok
13:23:48.0531 6076        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:23:48.0562 6076        Compbatt - ok
13:23:48.0578 6076        COMSysApp - ok
13:23:48.0578 6076        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:23:48.0593 6076        crcdisk - ok
13:23:48.0624 6076        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:23:48.0702 6076        Crusoe - ok
13:23:48.0765 6076        CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
13:23:48.0843 6076        CryptSvc - ok
13:23:49.0451 6076        DcomLaunch      (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
13:23:49.0592 6076        DcomLaunch - ok
13:23:49.0685 6076        DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
13:23:49.0748 6076        DfsC - ok
13:23:52.0228 6076        DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
13:23:52.0431 6076        DFSR - ok
13:23:53.0882 6076        Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
13:23:53.0960 6076        Dhcp - ok
13:23:54.0162 6076        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
13:23:54.0194 6076        disk - ok
13:23:54.0474 6076        Dnscache        (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
13:23:54.0568 6076        Dnscache - ok
13:23:55.0223 6076        dot3svc        (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
13:23:55.0332 6076        dot3svc - ok
13:23:55.0442 6076        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:23:55.0535 6076        Dot4 - ok
13:23:55.0598 6076        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:23:55.0660 6076        Dot4Print - ok
13:23:55.0800 6076        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:23:55.0878 6076        dot4usb - ok
13:23:55.0925 6076        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:23:55.0988 6076        DPS - ok
13:23:56.0034 6076        drmkaud        (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
13:23:56.0097 6076        drmkaud - ok
13:23:56.0565 6076        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
13:23:56.0674 6076        DXGKrnl - ok
13:23:56.0736 6076        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:23:56.0814 6076        E1G60 - ok
13:23:57.0033 6076        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:23:57.0111 6076        EapHost - ok
13:23:57.0189 6076        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
13:23:57.0236 6076        Ecache - ok
13:23:57.0594 6076        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:23:57.0641 6076        ehRecvr - ok
13:23:57.0672 6076        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:23:57.0782 6076        ehSched - ok
13:23:57.0797 6076        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:23:57.0844 6076        ehstart - ok
13:23:57.0906 6076        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:23:57.0953 6076        elxstor - ok
13:23:58.0593 6076        EMDMgmt        (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
13:23:58.0842 6076        EMDMgmt - ok
13:23:58.0874 6076        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:23:58.0936 6076        ErrDev - ok
13:23:59.0591 6076        EventSystem    (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
13:23:59.0669 6076        EventSystem - ok
13:23:59.0747 6076        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
13:23:59.0810 6076        exfat - ok
13:24:00.0262 6076        ezSharedSvc    (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
13:24:00.0340 6076        ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
13:24:00.0340 6076        ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
13:24:00.0621 6076        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
13:24:00.0699 6076        fastfat - ok
13:24:00.0730 6076        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:24:00.0777 6076        fdc - ok
13:24:00.0824 6076        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:24:00.0870 6076        fdPHost - ok
13:24:00.0902 6076        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:24:00.0995 6076        FDResPub - ok
13:24:01.0198 6076        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:24:01.0214 6076        FileInfo - ok
13:24:01.0245 6076        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:24:01.0292 6076        Filetrace - ok
13:24:01.0385 6076        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:24:01.0448 6076        flpydisk - ok
13:24:01.0619 6076        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
13:24:01.0635 6076        FltMgr - ok
13:24:01.0931 6076        FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:24:01.0962 6076        FontCache3.0.0.0 - ok
13:24:01.0994 6076        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:24:02.0056 6076        Fs_Rec - ok
13:24:02.0212 6076        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:24:02.0259 6076        gagp30kx - ok
13:24:02.0633 6076        GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
13:24:02.0696 6076        GameConsoleService - ok
13:24:03.0632 6076        gpsvc          (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
13:24:03.0725 6076        gpsvc - ok
13:24:04.0287 6076        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:24:04.0334 6076        gupdate - ok
13:24:04.0349 6076        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:24:04.0349 6076        gupdatem - ok
13:24:04.0630 6076        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:24:04.0661 6076        gusvc - ok
13:24:04.0926 6076        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:24:05.0051 6076        HdAudAddService - ok
13:24:05.0160 6076        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:24:05.0285 6076        HDAudBus - ok
13:24:05.0426 6076        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:24:05.0550 6076        HidBth - ok
13:24:05.0644 6076        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:24:05.0722 6076        HidIr - ok
13:24:05.0847 6076        hidserv        (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
13:24:05.0956 6076        hidserv - ok
13:24:06.0050 6076        HidUsb          (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
13:24:06.0143 6076        HidUsb - ok
13:24:06.0174 6076        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:24:06.0237 6076        hkmsvc - ok
13:24:06.0674 6076        HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
13:24:06.0705 6076        HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
13:24:06.0705 6076        HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
13:24:06.0752 6076        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:24:06.0767 6076        HpCISSs - ok
13:24:06.0861 6076        HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
13:24:06.0923 6076        HpqKbFiltr - ok
13:24:07.0110 6076        hpqwmiex        (188ff0adf66768d53ad94f43972e1e9a) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
13:24:07.0188 6076        hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
13:24:07.0188 6076        hpqwmiex - detected UnsignedFile.Multi.Generic (1)
13:24:07.0672 6076        HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
13:24:07.0781 6076        HTTP - ok
13:24:07.0922 6076        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:24:07.0968 6076        i2omp - ok
13:24:08.0046 6076        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:24:08.0093 6076        i8042prt - ok
13:24:08.0702 6076        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:24:08.0733 6076        iaStorV - ok
13:24:09.0513 6076        ICQ Service    (7a95a3ad931b97fec5067e40636ce37f) C:\Program Files\ICQ6Toolbar\ICQ Service.exe
13:24:09.0560 6076        ICQ Service - ok
13:24:10.0964 6076        idsvc          (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:24:11.0042 6076        idsvc - ok
13:24:14.0817 6076        igfx            (0391268713612372e4e0eceaadad41d5) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:24:15.0004 6076        igfx - ok
13:24:16.0065 6076        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:24:16.0080 6076        iirsp - ok
13:24:16.0892 6076        IKEEXT          (68e8c415e102e5d79fd7e4a765b8cba4) C:\Windows\System32\ikeext.dll
13:24:16.0970 6076        IKEEXT - ok
13:24:17.0032 6076        IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
13:24:17.0063 6076        IntcHdmiAddService - ok
13:24:17.0157 6076        intelide        (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
13:24:17.0219 6076        intelide - ok
13:24:17.0282 6076        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:24:17.0344 6076        intelppm - ok
13:24:17.0843 6076        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:24:17.0921 6076        IPBusEnum - ok
13:24:18.0046 6076        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:24:18.0124 6076        IpFilterDriver - ok
13:24:18.0842 6076        iphlpsvc        (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
13:24:18.0920 6076        iphlpsvc - ok
13:24:18.0920 6076        IpInIp - ok
13:24:19.0107 6076        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:24:19.0185 6076        IPMIDRV - ok
13:24:19.0512 6076        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:24:19.0575 6076        IPNAT - ok
13:24:19.0684 6076        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:24:19.0731 6076        IRENUM - ok
13:24:19.0856 6076        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:24:19.0871 6076        isapnp - ok
13:24:19.0918 6076        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
13:24:19.0934 6076        iScsiPrt - ok
13:24:19.0949 6076        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:24:19.0965 6076        iteatapi - ok
13:24:19.0965 6076        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:24:19.0980 6076        iteraid - ok
13:24:19.0996 6076        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:24:19.0996 6076        kbdclass - ok
13:24:20.0012 6076        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
13:24:20.0058 6076        kbdhid - ok
13:24:20.0105 6076        KeyIso          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
13:24:20.0199 6076        KeyIso - ok
13:24:20.0246 6076        KMWDFILTER      (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
13:24:20.0308 6076        KMWDFILTER - ok
13:24:20.0885 6076        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
13:24:20.0948 6076        KSecDD - ok
13:24:21.0244 6076        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:24:21.0338 6076        KtmRm - ok
13:24:21.0696 6076        LanmanServer    (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
13:24:21.0759 6076        LanmanServer - ok
13:24:21.0806 6076        LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
13:24:21.0884 6076        LanmanWorkstation - ok
13:24:22.0274 6076        LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:24:22.0320 6076        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:24:22.0320 6076        LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:24:22.0352 6076        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:24:22.0414 6076        lltdio - ok
13:24:22.0882 6076        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:24:22.0944 6076        lltdsvc - ok
13:24:22.0960 6076        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:24:23.0022 6076        lmhosts - ok
13:24:23.0038 6076        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:24:23.0054 6076        LSI_FC - ok
13:24:23.0085 6076        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:24:23.0085 6076        LSI_SAS - ok
13:24:23.0116 6076        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:24:23.0132 6076        LSI_SCSI - ok
13:24:23.0147 6076        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:24:23.0178 6076        luafv - ok
13:24:23.0459 6076        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:24:23.0522 6076        Mcx2Svc - ok
13:24:23.0631 6076        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:24:23.0678 6076        megasas - ok
13:24:23.0927 6076        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:24:23.0974 6076        MegaSR - ok
13:24:24.0161 6076        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:24:24.0239 6076        MMCSS - ok
13:24:24.0333 6076        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:24:24.0411 6076        Modem - ok
13:24:24.0614 6076        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:24:24.0676 6076        monitor - ok
13:24:24.0707 6076        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:24:24.0723 6076        mouclass - ok
13:24:24.0738 6076        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:24:24.0801 6076        mouhid - ok
13:24:24.0926 6076        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:24:24.0941 6076        MountMgr - ok
13:24:25.0160 6076        MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
13:24:25.0222 6076        MpFilter - ok
13:24:25.0253 6076        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:24:25.0300 6076        mpio - ok
13:24:25.0518 6076        MpKsl726ea188  (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{778743D6-A7AD-4773-BEF6-429099EB4DD0}\MpKsl726ea188.sys
13:24:25.0534 6076        MpKsl726ea188 - ok
13:24:25.0799 6076        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:24:25.0877 6076        mpsdrv - ok
13:24:25.0955 6076        MpsSvc          (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
13:24:26.0096 6076        MpsSvc - ok
13:24:26.0174 6076        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:24:26.0189 6076        Mraid35x - ok
13:24:26.0205 6076        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
13:24:26.0283 6076        MRxDAV - ok
13:24:26.0610 6076        mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:24:26.0735 6076        mrxsmb - ok
13:24:26.0954 6076        mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:24:27.0032 6076        mrxsmb10 - ok
13:24:27.0078 6076        mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:24:27.0125 6076        mrxsmb20 - ok
13:24:27.0188 6076        msahci          (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
13:24:27.0203 6076        msahci - ok
13:24:27.0219 6076        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:24:27.0234 6076        msdsm - ok
13:24:27.0390 6076        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:24:27.0484 6076        MSDTC - ok
13:24:27.0624 6076        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:24:27.0687 6076        Msfs - ok
13:24:27.0734 6076        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:24:27.0734 6076        msisadrv - ok
13:24:27.0765 6076        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:24:27.0874 6076        MSiSCSI - ok
13:24:27.0874 6076        msiserver - ok
13:24:27.0936 6076        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:24:27.0999 6076        MSKSSRV - ok
13:24:28.0124 6076        MsMpSvc        (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:24:28.0139 6076        MsMpSvc - ok
13:24:28.0170 6076        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:24:28.0217 6076        MSPCLOCK - ok
13:24:28.0311 6076        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:24:28.0389 6076        MSPQM - ok
13:24:28.0904 6076        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
13:24:28.0966 6076        MsRPC - ok
13:24:28.0982 6076        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:24:28.0997 6076        mssmbios - ok
13:24:29.0013 6076        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:24:29.0060 6076        MSTEE - ok
13:24:29.0216 6076        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
13:24:29.0247 6076        Mup - ok
13:24:29.0996 6076        napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
13:24:30.0074 6076        napagent - ok
13:24:30.0136 6076        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
13:24:30.0183 6076        NativeWifiP - ok
13:24:30.0245 6076        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
13:24:30.0292 6076        NDIS - ok
13:24:30.0401 6076        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:24:30.0464 6076        NdisTapi - ok
13:24:30.0495 6076        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:24:30.0526 6076        Ndisuio - ok
13:24:30.0573 6076        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
13:24:30.0620 6076        NdisWan - ok
13:24:30.0807 6076        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:24:30.0854 6076        NDProxy - ok
13:24:30.0978 6076        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:24:31.0056 6076        NetBIOS - ok
13:24:31.0696 6076        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
13:24:31.0774 6076        netbt - ok
13:24:31.0883 6076        Netlogon        (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
13:24:31.0899 6076        Netlogon - ok
13:24:32.0024 6076        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:24:32.0086 6076        Netman - ok
13:24:32.0850 6076        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:24:32.0944 6076        netprofm - ok
13:24:33.0069 6076        NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:24:33.0100 6076        NetTcpPortSharing - ok
13:24:35.0066 6076        NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
13:24:35.0237 6076        NETw3v32 - ok
13:24:35.0752 6076        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:24:35.0768 6076        nfrd960 - ok
13:24:35.0799 6076        NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:24:35.0814 6076        NisDrv - ok
13:24:35.0970 6076        NisSrv          (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
13:24:35.0986 6076        NisSrv - ok
13:24:36.0033 6076        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:24:36.0095 6076        NlaSvc - ok
13:24:36.0158 6076        nmwcd          (28e36e677849174c910faaead3e60e9e) C:\Windows\system32\drivers\ccdcmb.sys
13:24:36.0236 6076        nmwcd - ok
13:24:36.0267 6076        nmwcdc          (3823deb17f9f6775de0187a98fa0536d) C:\Windows\system32\drivers\ccdcmbo.sys
13:24:36.0298 6076        nmwcdc - ok
13:24:36.0314 6076        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
13:24:36.0376 6076        Npfs - ok
13:24:36.0548 6076        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:24:36.0641 6076        nsi - ok
13:24:36.0719 6076        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:24:36.0797 6076        nsiproxy - ok
13:24:38.0186 6076        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
13:24:38.0264 6076        Ntfs - ok
13:24:38.0357 6076        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:24:38.0451 6076        ntrigdigi - ok
13:24:38.0513 6076        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:24:38.0576 6076        Null - ok
13:24:38.0856 6076        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:24:38.0872 6076        nvraid - ok
13:24:39.0044 6076        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:24:39.0059 6076        nvstor - ok
13:24:39.0106 6076        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:24:39.0122 6076        nv_agp - ok
13:24:39.0122 6076        NwlnkFlt - ok
13:24:39.0137 6076        NwlnkFwd - ok
13:24:39.0200 6076        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
13:24:39.0246 6076        ohci1394 - ok
13:24:40.0089 6076        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:24:40.0136 6076        ose - ok
13:24:40.0931 6076        p2pimsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:24:41.0056 6076        p2pimsvc - ok
13:24:41.0072 6076        p2psvc          (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:24:41.0103 6076        p2psvc - ok
13:24:41.0165 6076        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:24:41.0259 6076        Parport - ok
13:24:41.0493 6076        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
13:24:41.0540 6076        partmgr - ok
13:24:41.0571 6076        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:24:41.0664 6076        Parvdm - ok
13:24:41.0867 6076        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:24:41.0930 6076        PcaSvc - ok
13:24:42.0148 6076        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
13:24:42.0179 6076        pci - ok
13:24:42.0242 6076        pciide          (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
13:24:42.0273 6076        pciide - ok
13:24:42.0304 6076        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:24:42.0335 6076        pcmcia - ok
13:24:42.0429 6076        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:24:42.0538 6076        PEAUTH - ok
13:24:45.0237 6076        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:24:45.0408 6076        pla - ok
13:24:47.0452 6076        PlugPlay        (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
13:24:47.0530 6076        PlugPlay - ok
13:24:48.0294 6076        PNRPAutoReg    (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:24:48.0326 6076        PNRPAutoReg - ok
13:24:48.0341 6076        PNRPsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:24:48.0372 6076        PNRPsvc - ok
13:24:48.0513 6076        PolicyAgent    (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
13:24:48.0606 6076        PolicyAgent - ok
13:24:48.0762 6076        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:24:48.0872 6076        PptpMiniport - ok
13:24:48.0981 6076        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:24:49.0059 6076        Processor - ok
13:24:49.0106 6076        ProfSvc        (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
13:24:49.0168 6076        ProfSvc - ok
13:24:49.0246 6076        ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
13:24:49.0277 6076        ProtectedStorage - ok
13:24:49.0355 6076        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
13:24:49.0433 6076        PSched - ok
13:24:50.0291 6076        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:24:50.0369 6076        ql2300 - ok
13:24:50.0494 6076        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:24:50.0525 6076        ql40xx - ok
13:24:51.0102 6076        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:24:51.0165 6076        QWAVE - ok
13:24:51.0243 6076        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:24:51.0274 6076        QWAVEdrv - ok
13:24:51.0305 6076        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:24:51.0383 6076        RasAcd - ok
13:24:51.0586 6076        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:24:51.0680 6076        RasAuto - ok
13:24:51.0836 6076        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:24:51.0929 6076        Rasl2tp - ok
13:24:52.0304 6076        RasMan          (afb474438762f0418060653f7294d92c) C:\Windows\System32\rasmans.dll
13:24:52.0366 6076        RasMan - ok
13:24:52.0397 6076        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
13:24:52.0428 6076        RasPppoe - ok
13:24:52.0553 6076        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
13:24:52.0584 6076        RasSstp - ok
13:24:52.0600 6076        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
13:24:52.0647 6076        rdbss - ok
13:24:52.0647 6076        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:24:52.0694 6076        RDPCDD - ok
13:24:53.0208 6076        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:24:53.0271 6076        rdpdr - ok
13:24:53.0318 6076        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:24:53.0380 6076        RDPENCDD - ok
13:24:53.0739 6076        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
13:24:53.0832 6076        RDPWD - ok
13:24:54.0347 6076        Recovery Service for Windows (2063d6b51fd874e67502b31a9fdba685) C:\Program Files\SMINST\BLService.exe
13:24:54.0394 6076        Recovery Service for Windows - ok
13:24:54.0441 6076        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:24:54.0488 6076        RemoteAccess - ok
13:24:54.0768 6076        RemoteRegistry  (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
13:24:54.0862 6076        RemoteRegistry - ok
13:24:55.0346 6076        RichVideo      (498eb62a160674e793fa40fd65390625) C:\Program Files\CyberLink\Shared files\RichVideo.exe
13:24:55.0392 6076        RichVideo - ok
13:24:55.0408 6076        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:24:55.0455 6076        RpcLocator - ok
13:24:55.0642 6076        RpcSs          (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
13:24:55.0689 6076        RpcSs - ok
13:24:56.0016 6076        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:24:56.0048 6076        rspndr - ok
13:24:56.0110 6076        RTL8169        (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:24:56.0172 6076        RTL8169 - ok
13:24:56.0219 6076        RTSTOR          (2b7da5a2d2c4aae01098d910007edac5) C:\Windows\system32\drivers\RTSTOR.SYS
13:24:56.0282 6076        RTSTOR - ok
13:24:56.0328 6076        SamSs          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
13:24:56.0328 6076        SamSs - ok
13:24:56.0360 6076        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:24:56.0375 6076        sbp2port - ok
13:24:56.0422 6076        SCardSvr        (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
13:24:56.0484 6076        SCardSvr - ok
13:24:57.0389 6076        Schedule        (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
13:24:57.0467 6076        Schedule - ok
13:24:57.0514 6076        SCPolicySvc    (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
13:24:57.0545 6076        SCPolicySvc - ok
13:24:57.0842 6076        sdbus          (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
13:24:57.0904 6076        sdbus - ok
13:24:58.0185 6076        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:24:58.0278 6076        SDRSVC - ok
13:24:58.0294 6076        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:24:58.0388 6076        secdrv - ok
13:24:58.0419 6076        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:24:58.0466 6076        seclogon - ok
13:24:58.0481 6076        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
13:24:58.0544 6076        SENS - ok
13:24:58.0606 6076        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:24:58.0700 6076        Serenum - ok
13:24:58.0980 6076        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:24:59.0121 6076        Serial - ok
13:24:59.0199 6076        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:24:59.0246 6076        sermouse - ok
13:24:59.0417 6076        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:24:59.0464 6076        SessionEnv - ok
13:24:59.0573 6076        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:24:59.0604 6076        sffdisk - ok
13:24:59.0682 6076        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:24:59.0745 6076        sffp_mmc - ok
13:24:59.0807 6076        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:24:59.0870 6076        sffp_sd - ok
13:24:59.0901 6076        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:24:59.0994 6076        sfloppy - ok
13:25:00.0431 6076        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:25:00.0509 6076        SharedAccess - ok
13:25:01.0008 6076        ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
13:25:01.0086 6076        ShellHWDetection - ok
13:25:01.0118 6076        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:25:01.0133 6076        sisagp - ok
13:25:01.0258 6076        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:25:01.0305 6076        SiSRaid2 - ok
13:25:01.0336 6076        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:25:01.0367 6076        SiSRaid4 - ok
13:25:03.0520 6076        slsvc          (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
13:25:03.0723 6076        slsvc - ok
13:25:04.0706 6076        SLUINotify      (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
13:25:04.0768 6076        SLUINotify - ok
13:25:05.0252 6076        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
13:25:05.0345 6076        Smb - ok
13:25:05.0454 6076        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:25:05.0486 6076        SNMPTRAP - ok
13:25:05.0517 6076        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:25:05.0532 6076        spldr - ok
13:25:05.0938 6076        Spooler        (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
13:25:06.0000 6076        Spooler - ok
13:25:06.0500 6076        srv            (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
13:25:06.0562 6076        srv - ok
13:25:06.0952 6076        srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
13:25:07.0046 6076        srv2 - ok
13:25:07.0389 6076        srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
13:25:07.0467 6076        srvnet - ok
13:25:07.0529 6076        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:25:07.0592 6076        SSDPSRV - ok
13:25:07.0654 6076        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:25:07.0716 6076        SstpSvc - ok
13:25:08.0512 6076        STacSV          (b56ee2666f0b6019b6206fb3664baf03) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
13:25:08.0574 6076        STacSV - ok
13:25:08.0652 6076        STHDA          (5d09e4934bc269c93ebe7c96e34aa8ee) C:\Windows\system32\DRIVERS\stwrt.sys
13:25:08.0715 6076        STHDA - ok
13:25:09.0557 6076        stisvc          (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
13:25:09.0604 6076        stisvc - ok
13:25:09.0635 6076        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:25:09.0666 6076        swenum - ok
13:25:10.0556 6076        swprv          (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
13:25:10.0602 6076        swprv - ok
13:25:10.0618 6076        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:25:10.0634 6076        Symc8xx - ok
13:25:10.0712 6076        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:25:10.0743 6076        Sym_hi - ok
13:25:10.0774 6076        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:25:10.0790 6076        Sym_u3 - ok
13:25:11.0414 6076        SynTP          (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
13:25:11.0460 6076        SynTP - ok
13:25:11.0679 6076        SysMain        (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
13:25:11.0788 6076        SysMain - ok
13:25:11.0850 6076        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:25:11.0897 6076        TabletInputService - ok
13:25:11.0928 6076        TapiSrv        (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
13:25:12.0022 6076        TapiSrv - ok
13:25:12.0225 6076        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:25:12.0303 6076        TBS - ok
13:25:13.0598 6076        Tcpip          (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
13:25:13.0676 6076        Tcpip - ok
13:25:13.0691 6076        Tcpip6          (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
13:25:13.0754 6076        Tcpip6 - ok
13:25:13.0800 6076        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
13:25:13.0878 6076        tcpipreg - ok
13:25:13.0910 6076        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:25:13.0972 6076        TDPIPE - ok
13:25:14.0081 6076        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:25:14.0159 6076        TDTCP - ok
13:25:14.0409 6076        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
13:25:14.0502 6076        tdx - ok
13:25:14.0596 6076        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
13:25:14.0612 6076        TermDD - ok
13:25:15.0626 6076        TermService    (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
13:25:15.0704 6076        TermService - ok
13:25:15.0875 6076        Themes          (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
13:25:15.0906 6076        Themes - ok
13:25:16.0109 6076        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:25:16.0140 6076        THREADORDER - ok
13:25:16.0546 6076        TomTomHOMEService (fbd16717fd68b206c4ce3bb3c9ee5cb3) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
13:25:16.0593 6076        TomTomHOMEService - ok
13:25:16.0640 6076        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:25:16.0702 6076        TrkWks - ok
13:25:16.0952 6076        TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
13:25:17.0045 6076        TrustedInstaller - ok
13:25:17.0108 6076        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:25:17.0170 6076        tssecsrv - ok
13:25:17.0201 6076        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:25:17.0248 6076        tunmp - ok
13:25:17.0373 6076        tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
13:25:17.0404 6076        tunnel - ok
13:25:17.0451 6076        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:25:17.0482 6076        uagp35 - ok
13:25:17.0638 6076        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
13:25:17.0700 6076        udfs - ok
13:25:17.0872 6076        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:25:17.0934 6076        UI0Detect - ok
13:25:18.0075 6076        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:25:18.0106 6076        uliagpkx - ok
13:25:18.0137 6076        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:25:18.0168 6076        uliahci - ok
13:25:18.0184 6076        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:25:18.0200 6076        UlSata - ok
13:25:18.0215 6076        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:25:18.0231 6076        ulsata2 - ok
13:25:18.0246 6076        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:25:18.0278 6076        umbus - ok
13:25:18.0668 6076        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:25:18.0730 6076        upnphost - ok
13:25:18.0761 6076        upperdev        (b1b8bee26227dad9835019201552cb05) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
13:25:18.0824 6076        upperdev - ok
13:25:18.0933 6076        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:25:18.0948 6076        usbccgp - ok
13:25:19.0026 6076        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:25:19.0089 6076        usbcir - ok
13:25:19.0136 6076        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
13:25:19.0167 6076        usbehci - ok
13:25:19.0182 6076        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
13:25:19.0229 6076        usbhub - ok
13:25:19.0245 6076        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:25:19.0323 6076        usbohci - ok
13:25:19.0448 6076        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:25:19.0510 6076        usbprint - ok
13:25:19.0557 6076        usbser          (a96191470581a7091420d25ecd444502) C:\Windows\system32\DRIVERS\usbser.sys
13:25:19.0588 6076        usbser - ok
13:25:19.0604 6076        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:25:19.0635 6076        USBSTOR - ok
13:25:19.0682 6076        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:25:19.0728 6076        usbuhci - ok
13:25:19.0791 6076        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:25:19.0853 6076        usbvideo - ok
13:25:20.0368 6076        usnjsvc        (c5b70a6aa947667ce0e5fc84a05ec8b6) C:\Program Files\MSN Messenger\usnsvc.exe
13:25:20.0399 6076        usnjsvc - ok
13:25:20.0430 6076        UxSms          (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
13:25:20.0524 6076        UxSms - ok
13:25:20.0727 6076        vds            (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
13:25:20.0805 6076        vds - ok
13:25:20.0914 6076        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:25:20.0945 6076        vga - ok
13:25:21.0054 6076        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:25:21.0086 6076        VgaSave - ok
13:25:21.0242 6076        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:25:21.0273 6076        viaagp - ok
13:25:21.0304 6076        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:25:21.0351 6076        ViaC7 - ok
13:25:21.0429 6076        viaide          (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
13:25:21.0444 6076        viaide - ok
13:25:21.0476 6076        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:25:21.0491 6076        volmgr - ok
13:25:21.0710 6076        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
13:25:21.0756 6076        volmgrx - ok
13:25:21.0788 6076        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
13:25:21.0803 6076        volsnap - ok
13:25:21.0819 6076        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:25:21.0834 6076        vsmraid - ok
13:25:22.0786 6076        VSS            (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
13:25:22.0880 6076        VSS - ok
13:25:22.0989 6076        W32Time        (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
13:25:23.0067 6076        W32Time - ok
13:25:23.0441 6076        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:25:23.0519 6076        WacomPen - ok
13:25:23.0722 6076        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:25:23.0784 6076        Wanarp - ok
13:25:23.0784 6076        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:25:23.0816 6076        Wanarpv6 - ok
13:25:24.0767 6076        wcncsvc        (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
13:25:24.0830 6076        wcncsvc - ok
13:25:24.0923 6076        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:25:25.0001 6076        WcsPlugInService - ok
13:25:25.0126 6076        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:25:25.0173 6076        Wd - ok
13:25:25.0719 6076        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:25:25.0766 6076        Wdf01000 - ok
13:25:25.0968 6076        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:25:26.0062 6076        WdiServiceHost - ok
13:25:26.0062 6076        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:25:26.0109 6076        WdiSystemHost - ok
13:25:26.0764 6076        WebClient      (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
13:25:26.0842 6076        WebClient - ok
13:25:26.0873 6076        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:25:27.0014 6076        Wecsvc - ok
13:25:27.0170 6076        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:25:27.0216 6076        wercplsupport - ok
13:25:27.0482 6076        WerSvc          (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
13:25:27.0528 6076        WerSvc - ok
13:25:27.0825 6076        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:25:27.0856 6076        WinDefend - ok
13:25:27.0856 6076        WinHttpAutoProxySvc - ok
13:25:28.0059 6076        Winmgmt        (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
13:25:28.0137 6076        Winmgmt - ok
13:25:29.0822 6076        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:25:29.0978 6076        WinRM - ok
13:25:30.0867 6076        Wlansvc        (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
13:25:30.0960 6076        Wlansvc - ok
13:25:31.0038 6076        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:25:31.0070 6076        WmiAcpi - ok
13:25:31.0631 6076        wmiApSrv        (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
13:25:31.0725 6076        wmiApSrv - ok
13:25:32.0879 6076        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:25:32.0988 6076        WMPNetworkSvc - ok
13:25:33.0098 6076        WPCSvc          (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
13:25:33.0176 6076        WPCSvc - ok
13:25:33.0410 6076        WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
13:25:33.0503 6076        WPDBusEnum - ok
13:25:33.0566 6076        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
13:25:33.0612 6076        WpdUsb - ok
13:25:34.0923 6076        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:25:34.0985 6076        WPFFontCache_v0400 - ok
13:25:35.0016 6076        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:25:35.0048 6076        ws2ifsl - ok
13:25:35.0328 6076        wscsvc          (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
13:25:35.0344 6076        wscsvc - ok
13:25:35.0360 6076        WSearch - ok
13:25:37.0668 6076        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
13:25:37.0824 6076        wuauserv - ok
13:25:38.0183 6076        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:25:38.0246 6076        WUDFRd - ok
13:25:38.0355 6076        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:25:38.0417 6076        wudfsvc - ok
13:25:38.0480 6076        yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
13:25:38.0558 6076        yukonwlh - ok
13:25:38.0589 6076        MBR (0x1B8)    (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
13:25:38.0792 6076        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:25:38.0792 6076        \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:25:38.0792 6076        Boot (0x1200)  (7fcb1ab01eae16051b5983495b041fd5) \Device\Harddisk0\DR0\Partition0
13:25:38.0823 6076        \Device\Harddisk0\DR0\Partition0 - ok
13:25:38.0823 6076        Boot (0x1200)  (c33d94aff8896ebc856a1f9ddf84cafd) \Device\Harddisk0\DR0\Partition1
13:25:38.0838 6076        \Device\Harddisk0\DR0\Partition1 - ok
13:25:38.0838 6076        ============================================================
13:25:38.0838 6076        Scan finished
13:25:38.0838 6076        ============================================================
13:25:38.0854 2868        Detected object count: 5
13:25:38.0854 2868        Actual detected object count: 5
13:29:27.0622 2868        ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:27.0622 2868        ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:27.0622 2868        HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:27.0622 2868        HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:27.0637 2868        hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:27.0637 2868        hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:27.0637 2868        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:27.0637 2868        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:27.0637 2868        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:29:27.0637 2868        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Regards, Gustav

cosinus 08.06.2012 13:15

Quote:

\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Please have TDSS-Killer delete the TDSS File System, then restart Windows and create a new log with this tool. Post it again enclosed in CODE tags.

Gustav86 08.06.2012 20:20

Hello Arne,

I have deleted it. Here is the new log:

Code:

21:15:44.0669 2640        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:15:44.0903 2640        ============================================================
21:15:44.0903 2640        Current date / time: 2012/06/08 21:15:44.0903
21:15:44.0903 2640        SystemInfo:
21:15:44.0903 2640       
21:15:44.0903 2640        OS Version: 6.0.6001 ServicePack: 1.0
21:15:44.0903 2640        Product type: Workstation
21:15:44.0903 2640        ComputerName: FRANK-LAPTOP
21:15:44.0903 2640        UserName: Frank
21:15:44.0903 2640        Windows directory: C:\Windows
21:15:44.0903 2640        System windows directory: C:\Windows
21:15:44.0903 2640        Processor architecture: Intel x86
21:15:44.0903 2640        Number of processors: 2
21:15:44.0903 2640        Page size: 0x1000
21:15:44.0903 2640        Boot type: Normal boot
21:15:44.0903 2640        ============================================================
21:15:47.0274 2640        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:15:47.0352 2640        ============================================================
21:15:47.0352 2640        \Device\Harddisk0\DR0:
21:15:47.0367 2640        MBR partitions:
21:15:47.0367 2640        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BCD4800
21:15:47.0367 2640        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BCD5000, BlocksNum 0x14EF000
21:15:47.0367 2640        ============================================================
21:15:47.0414 2640        C: <-> \Device\Harddisk0\DR0\Partition0
21:15:47.0539 2640        D: <-> \Device\Harddisk0\DR0\Partition1
21:15:47.0539 2640        ============================================================
21:15:47.0539 2640        Initialize success
21:15:47.0539 2640        ============================================================
21:15:53.0919 2692        ============================================================
21:15:53.0919 2692        Scan started
21:15:53.0919 2692        Mode: Manual; SigCheck; TDLFS;
21:15:53.0919 2692        ============================================================
21:15:56.0712 2692        acedrv11        (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
21:15:56.0883 2692        acedrv11 - ok
21:15:57.0211 2692        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
21:15:57.0227 2692        ACPI - ok
21:15:57.0289 2692        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:15:57.0320 2692        adp94xx - ok
21:15:57.0351 2692        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:15:57.0367 2692        adpahci - ok
21:15:57.0383 2692        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:15:57.0398 2692        adpu160m - ok
21:15:57.0414 2692        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:15:57.0429 2692        adpu320 - ok
21:15:57.0492 2692        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:15:57.0851 2692        AeLookupSvc - ok
21:15:57.0991 2692        AESTFilters    (087b04ca45e2f059a55709b0b8f95ea9) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
21:15:58.0007 2692        AESTFilters - ok
21:15:58.0287 2692        AFD            (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
21:15:58.0334 2692        AFD - ok
21:15:58.0365 2692        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:15:58.0365 2692        agp440 - ok
21:15:58.0397 2692        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:15:58.0412 2692        aic78xx - ok
21:15:58.0428 2692        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:15:58.0490 2692        ALG - ok
21:15:58.0568 2692        aliide          (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
21:15:58.0568 2692        aliide - ok
21:15:58.0599 2692        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:15:58.0599 2692        amdagp - ok
21:15:58.0631 2692        amdide          (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
21:15:58.0631 2692        amdide - ok
21:15:58.0662 2692        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:15:58.0693 2692        AmdK7 - ok
21:15:58.0927 2692        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:15:58.0974 2692        AmdK8 - ok
21:15:59.0021 2692        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:15:59.0052 2692        Appinfo - ok
21:15:59.0083 2692        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:15:59.0099 2692        arc - ok
21:15:59.0130 2692        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:15:59.0145 2692        arcsas - ok
21:15:59.0161 2692        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:15:59.0208 2692        AsyncMac - ok
21:15:59.0208 2692        atapi          (9c0e70031905adbf94edb9ea14af943b) C:\Windows\system32\drivers\atapi.sys
21:15:59.0223 2692        atapi - ok
21:15:59.0801 2692        athr            (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys
21:15:59.0894 2692        athr - ok
21:15:59.0957 2692        AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
21:16:00.0003 2692        AudioEndpointBuilder - ok
21:16:00.0003 2692        Audiosrv        (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
21:16:00.0050 2692        Audiosrv - ok
21:16:00.0175 2692        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:16:00.0237 2692        Beep - ok
21:16:00.0503 2692        BFE            (d3e6d78285529962349a7f1617035938) C:\Windows\System32\bfe.dll
21:16:00.0581 2692        BFE - ok
21:16:00.0830 2692        BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
21:16:00.0877 2692        BITS - ok
21:16:01.0017 2692        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:16:01.0095 2692        blbdrive - ok
21:16:01.0158 2692        bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
21:16:01.0220 2692        bowser - ok
21:16:01.0267 2692        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:16:01.0298 2692        BrFiltLo - ok
21:16:01.0314 2692        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:16:01.0329 2692        BrFiltUp - ok
21:16:01.0704 2692        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:16:01.0751 2692        Browser - ok
21:16:01.0797 2692        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:16:01.0844 2692        Brserid - ok
21:16:02.0094 2692        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:16:02.0172 2692        BrSerWdm - ok
21:16:02.0187 2692        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:16:02.0312 2692        BrUsbMdm - ok
21:16:02.0359 2692        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:16:02.0453 2692        BrUsbSer - ok
21:16:02.0499 2692        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:16:02.0546 2692        BTHMODEM - ok
21:16:02.0562 2692        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:16:02.0593 2692        cdfs - ok
21:16:02.0609 2692        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
21:16:02.0640 2692        cdrom - ok
21:16:02.0671 2692        CertPropSvc    (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
21:16:02.0702 2692        CertPropSvc - ok
21:16:02.0718 2692        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:16:02.0749 2692        circlass - ok
21:16:02.0858 2692        CLFS            (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
21:16:02.0889 2692        CLFS - ok
21:16:03.0342 2692        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:16:03.0373 2692        clr_optimization_v2.0.50727_32 - ok
21:16:04.0013 2692        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:16:04.0059 2692        clr_optimization_v4.0.30319_32 - ok
21:16:04.0106 2692        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:16:04.0137 2692        CmBatt - ok
21:16:04.0184 2692        cmdide          (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
21:16:04.0200 2692        cmdide - ok
21:16:04.0512 2692        Com4QLBEx      (2f27104f5d6ed63fdac38cacb9d19dfd) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:16:04.0527 2692        Com4QLBEx - ok
21:16:04.0637 2692        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:16:04.0668 2692        Compbatt - ok
21:16:04.0668 2692        COMSysApp - ok
21:16:04.0730 2692        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:16:04.0746 2692        crcdisk - ok
21:16:04.0980 2692        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:16:05.0167 2692        Crusoe - ok
21:16:05.0229 2692        CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
21:16:05.0276 2692        CryptSvc - ok
21:16:05.0432 2692        DcomLaunch      (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
21:16:05.0463 2692        DcomLaunch - ok
21:16:05.0557 2692        DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
21:16:05.0619 2692        DfsC - ok
21:16:06.0275 2692        DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
21:16:06.0431 2692        DFSR - ok
21:16:06.0883 2692        Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
21:16:06.0961 2692        Dhcp - ok
21:16:07.0164 2692        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
21:16:07.0195 2692        disk - ok
21:16:07.0523 2692        Dnscache        (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
21:16:07.0601 2692        Dnscache - ok
21:16:07.0632 2692        dot3svc        (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
21:16:07.0679 2692        dot3svc - ok
21:16:07.0757 2692        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:16:07.0803 2692        Dot4 - ok
21:16:07.0819 2692        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:16:07.0850 2692        Dot4Print - ok
21:16:07.0991 2692        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:16:08.0037 2692        dot4usb - ok
21:16:08.0069 2692        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:16:08.0131 2692        DPS - ok
21:16:08.0162 2692        drmkaud        (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
21:16:08.0178 2692        drmkaud - ok
21:16:08.0396 2692        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
21:16:08.0490 2692        DXGKrnl - ok
21:16:08.0537 2692        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:16:08.0583 2692        E1G60 - ok
21:16:08.0771 2692        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:16:08.0864 2692        EapHost - ok
21:16:08.0927 2692        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
21:16:08.0958 2692        Ecache - ok
21:16:09.0426 2692        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
21:16:09.0457 2692        ehRecvr - ok
21:16:09.0504 2692        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
21:16:09.0535 2692        ehSched - ok
21:16:09.0551 2692        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
21:16:09.0566 2692        ehstart - ok
21:16:09.0613 2692        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:16:09.0644 2692        elxstor - ok
21:16:10.0908 2692        EMDMgmt        (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
21:16:10.0955 2692        EMDMgmt - ok
21:16:11.0033 2692        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:16:11.0064 2692        ErrDev - ok
21:16:11.0345 2692        EventSystem    (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
21:16:11.0391 2692        EventSystem - ok
21:16:11.0438 2692        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
21:16:11.0485 2692        exfat - ok
21:16:11.0501 2692        ezSharedSvc    (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
21:16:11.0532 2692        ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
21:16:11.0532 2692        ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
21:16:11.0563 2692        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
21:16:11.0610 2692        fastfat - ok
21:16:11.0641 2692        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:16:11.0688 2692        fdc - ok
21:16:11.0719 2692        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:16:11.0766 2692        fdPHost - ok
21:16:11.0797 2692        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:16:11.0875 2692        FDResPub - ok
21:16:11.0891 2692        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:16:11.0906 2692        FileInfo - ok
21:16:11.0922 2692        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:16:11.0953 2692        Filetrace - ok
21:16:12.0047 2692        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:16:12.0093 2692        flpydisk - ok
21:16:12.0312 2692        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
21:16:12.0359 2692        FltMgr - ok
21:16:12.0374 2692        FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:16:12.0390 2692        FontCache3.0.0.0 - ok
21:16:12.0483 2692        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:16:12.0515 2692        Fs_Rec - ok
21:16:12.0546 2692        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:16:12.0561 2692        gagp30kx - ok
21:16:12.0858 2692        GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
21:16:12.0905 2692        GameConsoleService - ok
21:16:13.0435 2692        gpsvc          (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
21:16:13.0513 2692        gpsvc - ok
21:16:13.0607 2692        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:16:13.0638 2692        gupdate - ok
21:16:13.0653 2692        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:16:13.0669 2692        gupdatem - ok
21:16:13.0763 2692        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:16:13.0778 2692        gusvc - ok
21:16:13.0841 2692        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:16:13.0919 2692        HdAudAddService - ok
21:16:13.0934 2692        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:16:13.0965 2692        HDAudBus - ok
21:16:14.0059 2692        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:16:14.0121 2692        HidBth - ok
21:16:14.0168 2692        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:16:14.0215 2692        HidIr - ok
21:16:14.0262 2692        hidserv        (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
21:16:14.0324 2692        hidserv - ok
21:16:14.0371 2692        HidUsb          (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
21:16:14.0402 2692        HidUsb - ok
21:16:14.0433 2692        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:16:14.0480 2692        hkmsvc - ok
21:16:14.0636 2692        HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:16:14.0636 2692        HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
21:16:14.0652 2692        HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
21:16:14.0667 2692        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:16:14.0683 2692        HpCISSs - ok
21:16:14.0714 2692        HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:16:14.0730 2692        HpqKbFiltr - ok
21:16:15.0011 2692        hpqwmiex        (188ff0adf66768d53ad94f43972e1e9a) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:16:15.0042 2692        hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
21:16:15.0042 2692        hpqwmiex - detected UnsignedFile.Multi.Generic (1)
21:16:15.0104 2692        HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
21:16:15.0182 2692        HTTP - ok
21:16:15.0260 2692        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:16:15.0276 2692        i2omp - ok
21:16:15.0307 2692        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:16:15.0338 2692        i8042prt - ok
21:16:15.0728 2692        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:16:15.0791 2692        iaStorV - ok
21:16:15.0993 2692        ICQ Service    (7a95a3ad931b97fec5067e40636ce37f) C:\Program Files\ICQ6Toolbar\ICQ Service.exe
21:16:16.0025 2692        ICQ Service - ok
21:16:17.0273 2692        idsvc          (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:16:17.0351 2692        idsvc - ok
21:16:19.0659 2692        igfx            (0391268713612372e4e0eceaadad41d5) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:16:19.0815 2692        igfx - ok
21:16:20.0143 2692        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:16:20.0159 2692        iirsp - ok
21:16:20.0361 2692        IKEEXT          (68e8c415e102e5d79fd7e4a765b8cba4) C:\Windows\System32\ikeext.dll
21:16:20.0424 2692        IKEEXT - ok
21:16:20.0471 2692        IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
21:16:20.0486 2692        IntcHdmiAddService - ok
21:16:20.0502 2692        intelide        (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
21:16:20.0517 2692        intelide - ok
21:16:20.0549 2692        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:16:20.0595 2692        intelppm - ok
21:16:20.0658 2692        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:16:20.0705 2692        IPBusEnum - ok
21:16:20.0783 2692        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:16:20.0814 2692        IpFilterDriver - ok
21:16:20.0923 2692        iphlpsvc        (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
21:16:20.0939 2692        iphlpsvc - ok
21:16:20.0939 2692        IpInIp - ok
21:16:20.0970 2692        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:16:21.0017 2692        IPMIDRV - ok
21:16:21.0032 2692        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:16:21.0079 2692        IPNAT - ok
21:16:21.0126 2692        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:16:21.0173 2692        IRENUM - ok
21:16:21.0219 2692        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:16:21.0235 2692        isapnp - ok
21:16:21.0266 2692        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
21:16:21.0282 2692        iScsiPrt - ok
21:16:21.0297 2692        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:16:21.0313 2692        iteatapi - ok
21:16:21.0329 2692        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:16:21.0344 2692        iteraid - ok
21:16:21.0360 2692        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:16:21.0375 2692        kbdclass - ok
21:16:21.0391 2692        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
21:16:21.0422 2692        kbdhid - ok
21:16:21.0453 2692        KeyIso          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:16:21.0485 2692        KeyIso - ok
21:16:21.0516 2692        KMWDFILTER      (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
21:16:21.0547 2692        KMWDFILTER - ok
21:16:21.0703 2692        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
21:16:21.0734 2692        KSecDD - ok
21:16:21.0797 2692        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:16:21.0875 2692        KtmRm - ok
21:16:22.0015 2692        LanmanServer    (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
21:16:22.0031 2692        LanmanServer - ok
21:16:22.0062 2692        LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
21:16:22.0109 2692        LanmanWorkstation - ok
21:16:22.0202 2692        LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:16:22.0202 2692        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:16:22.0202 2692        LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:16:22.0233 2692        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:16:22.0280 2692        lltdio - ok
21:16:22.0467 2692        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:16:22.0530 2692        lltdsvc - ok
21:16:22.0545 2692        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:16:22.0608 2692        lmhosts - ok
21:16:22.0639 2692        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:16:22.0655 2692        LSI_FC - ok
21:16:22.0670 2692        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:16:22.0686 2692        LSI_SAS - ok
21:16:22.0717 2692        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:16:22.0733 2692        LSI_SCSI - ok
21:16:22.0748 2692        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:16:22.0779 2692        luafv - ok
21:16:22.0842 2692        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
21:16:22.0857 2692        Mcx2Svc - ok
21:16:22.0873 2692        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:16:22.0889 2692        megasas - ok
21:16:23.0045 2692        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:16:23.0107 2692        MegaSR - ok
21:16:23.0138 2692        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:16:23.0185 2692        MMCSS - ok
21:16:23.0216 2692        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:16:23.0263 2692        Modem - ok
21:16:23.0341 2692        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:16:23.0388 2692        monitor - ok
21:16:23.0419 2692        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:16:23.0435 2692        mouclass - ok
21:16:23.0450 2692        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:16:23.0513 2692        mouhid - ok
21:16:23.0544 2692        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:16:23.0559 2692        MountMgr - ok
21:16:23.0669 2692        MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
21:16:23.0700 2692        MpFilter - ok
21:16:23.0747 2692        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:16:23.0762 2692        mpio - ok
21:16:23.0778 2692        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:16:23.0825 2692        mpsdrv - ok
21:16:24.0027 2692        MpsSvc          (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
21:16:24.0105 2692        MpsSvc - ok
21:16:24.0152 2692        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:16:24.0168 2692        Mraid35x - ok
21:16:24.0199 2692        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
21:16:24.0215 2692        MRxDAV - ok
21:16:24.0339 2692        mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:16:24.0371 2692        mrxsmb - ok
21:16:24.0449 2692        mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:16:24.0480 2692        mrxsmb10 - ok
21:16:24.0589 2692        mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:16:24.0605 2692        mrxsmb20 - ok
21:16:24.0651 2692        msahci          (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
21:16:24.0667 2692        msahci - ok
21:16:24.0729 2692        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:16:24.0745 2692        msdsm - ok
21:16:24.0776 2692        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:16:24.0823 2692        MSDTC - ok
21:16:24.0885 2692        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:16:24.0932 2692        Msfs - ok
21:16:24.0979 2692        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:16:24.0995 2692        msisadrv - ok
21:16:25.0151 2692        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:16:25.0197 2692        MSiSCSI - ok
21:16:25.0213 2692        msiserver - ok
21:16:25.0244 2692        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:16:25.0275 2692        MSKSSRV - ok
21:16:25.0353 2692        MsMpSvc        (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:16:25.0369 2692        MsMpSvc - ok
21:16:25.0416 2692        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:16:25.0463 2692        MSPCLOCK - ok
21:16:25.0509 2692        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:16:25.0541 2692        MSPQM - ok
21:16:25.0697 2692        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
21:16:25.0759 2692        MsRPC - ok
21:16:25.0790 2692        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:16:25.0806 2692        mssmbios - ok
21:16:25.0837 2692        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:16:25.0884 2692        MSTEE - ok
21:16:25.0946 2692        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
21:16:25.0962 2692        Mup - ok
21:16:26.0165 2692        napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
21:16:26.0227 2692        napagent - ok
21:16:26.0274 2692        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
21:16:26.0305 2692        NativeWifiP - ok
21:16:26.0367 2692        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
21:16:26.0430 2692        NDIS - ok
21:16:26.0461 2692        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:16:26.0492 2692        NdisTapi - ok
21:16:26.0555 2692        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:16:26.0617 2692        Ndisuio - ok
21:16:26.0664 2692        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
21:16:26.0695 2692        NdisWan - ok
21:16:26.0757 2692        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:16:26.0789 2692        NDProxy - ok
21:16:26.0867 2692        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:16:26.0898 2692        NetBIOS - ok
21:16:27.0085 2692        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
21:16:27.0132 2692        netbt - ok
21:16:27.0210 2692        Netlogon        (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:16:27.0225 2692        Netlogon - ok
21:16:27.0506 2692        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:16:27.0553 2692        Netman - ok
21:16:27.0818 2692        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:16:27.0865 2692        netprofm - ok
21:16:27.0927 2692        NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:16:27.0943 2692        NetTcpPortSharing - ok
21:16:29.0394 2692        NETw3v32        (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
21:16:29.0565 2692        NETw3v32 - ok
21:16:31.0172 2692        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:16:31.0235 2692        nfrd960 - ok
21:16:31.0375 2692        NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:16:31.0391 2692        NisDrv - ok
21:16:31.0921 2692        NisSrv          (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:16:32.0015 2692        NisSrv - ok
21:16:32.0202 2692        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:16:32.0264 2692        NlaSvc - ok
21:16:32.0295 2692        nmwcd          (28e36e677849174c910faaead3e60e9e) C:\Windows\system32\drivers\ccdcmb.sys
21:16:32.0342 2692        nmwcd - ok
21:16:32.0373 2692        nmwcdc          (3823deb17f9f6775de0187a98fa0536d) C:\Windows\system32\drivers\ccdcmbo.sys
21:16:32.0405 2692        nmwcdc - ok
21:16:32.0420 2692        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
21:16:32.0451 2692        Npfs - ok
21:16:32.0483 2692        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:16:32.0514 2692        nsi - ok
21:16:32.0529 2692        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:16:32.0561 2692        nsiproxy - ok
21:16:33.0497 2692        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
21:16:33.0606 2692        Ntfs - ok
21:16:33.0684 2692        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:16:33.0746 2692        ntrigdigi - ok
21:16:33.0762 2692        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:16:33.0809 2692        Null - ok
21:16:33.0824 2692        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:16:33.0840 2692        nvraid - ok
21:16:33.0871 2692        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:16:33.0871 2692        nvstor - ok
21:16:33.0902 2692        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:16:33.0918 2692        nv_agp - ok
21:16:33.0918 2692        NwlnkFlt - ok
21:16:33.0918 2692        NwlnkFwd - ok
21:16:33.0949 2692        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
21:16:33.0996 2692        ohci1394 - ok
21:16:34.0355 2692        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:16:34.0401 2692        ose - ok
21:17:29.0048 2692        ============================================================
21:17:29.0048 2692        Scan finished
21:17:29.0048 2692        ============================================================
21:17:29.0064 1416        Detected object count: 4
21:17:29.0064 1416        Actual detected object count: 4
21:17:36.0489 1416        ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:36.0489 1416        ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:17:36.0489 1416        HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:36.0489 1416        HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:17:36.0489 1416        hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:36.0489 1416        hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:17:36.0489 1416        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:36.0489 1416        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Regards, Gustav

cosinus 08.06.2012 20:37

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.

Gustav86 09.06.2012 15:57

Hello Arne,

the txt file has the following content:

[code]
Combofix Logfile:
Code:

ComboFix 12-06-09.01 - Frank 09.06.2012  16:28:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.2974.1946 [GMT 2:00]
ausgeführt von:: c:\users\Frank\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-09 bis 2012-06-09  ))))))))))))))))))))))))))))))
.
.
2012-06-08 19:26 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D184237-6487-4001-BE3C-F6E726904A64}\mpengine.dll
2012-06-08 19:12 . 2012-06-08 19:12        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-06-07 17:05 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-06 11:11 . 2012-06-06 11:13        --------        d-----w-        c:\users\Frank\AppData\Roaming\MAXQDA10
2012-06-06 11:03 . 2012-06-06 11:03        --------        d-----w-        c:\programdata\MAXQDA10
2012-06-06 11:03 . 2012-06-06 11:03        --------        d-----w-        c:\program files\MAXQDA10
2012-05-31 10:52 . 2012-05-31 10:52        --------        d-----w-        c:\program files\ESET
2012-05-30 16:34 . 2012-05-31 10:38        --------        d-----w-        C:\_OTL
2012-05-30 13:19 . 2012-05-30 13:19        --------        d-----w-        c:\users\Frank\AppData\Roaming\Malwarebytes
2012-05-30 13:19 . 2012-05-30 13:19        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-30 13:19 . 2012-05-30 13:19        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-30 13:19 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-26 10:38 . 2012-06-07 16:13        --------        d-----w-        c:\program files\Application Updater
2012-05-26 10:38 . 2012-05-26 10:38        --------        d-----w-        c:\program files\pdfforge Toolbar
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 18:44 . 2011-04-27 13:25        74112        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2011-04-18 11:18        171064        ----a-w-        c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 847872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-14 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [2009-01-20 81920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 07:40]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 07:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube Download - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to DVD Converter - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
IE: Free YouTube to Mp3 Converter - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-EA Download Manager - c:\program files\Electronic Arts\EADM\EADMUninstall.exe
AddRemove-Gutscheinmieze - Toolbar - c:\users\Frank\AppData\Roaming\Gutscheinmieze\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-09 16:42
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:d8,1a,76,ee,e2,31,21,6c,35,4e,ff,fd,53,e9,28,b7,d1,2e,4b,82,e5,fd,ee,
  1d,ea,e9,5e,c4,2b,e7,8c,18,d7,07,e4,b0,6a,d3,a9,5f,cd,39,6a,c8,25,32,64,4f,\
"??"=hex:b0,a5,f7,a4,21,cc,57,3b,74,d1,94,eb,73,e6,5e,ae
.
[HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\SecuROM\License information*]
"datasecu"=hex:fa,85,c6,57,22,5e,be,1f,11,a5,b7,88,46,1c,7a,59,a8,1e,de,78,a3,
  a0,26,30,45,03,cc,af,95,4b,85,40,ef,a4,97,fd,7d,9a,68,47,21,f1,61,ae,b5,db,\
"rkeysecu"=hex:49,79,dc,09,f4,93,83,77,c5,0d,8c,39,21,4c,17,05
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\SMINST\BLService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-09  16:50:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-09 14:50
.
Vor Suchlauf: 12 Verzeichnis(se), 94.349.778.944 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 93.853.327.360 Bytes frei
.
- - End Of File - - 44174251ED5A67BC9642D7421200639B

--- --- ---


Regards, Gustav

cosinus 10.06.2012 00:17

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click with "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

Gustav86 11.06.2012 20:39

Hello Arne,

this is the log from GMER:

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-11 19:32:47
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MJA2250BH_G2 rev.8919
Running: mkp7dqod.exe; Driver: C:\Users\Frank\AppData\Local\Temp\uglyypoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                                                                                                                                                                                                      section is executable [0xABF32480, 0x306DD, 0xE0000060]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                                                                                                                                                        Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                                                                                                                                                        Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_revolvermaenner.png  4569 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\banner_de_download.jpg      80132 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\default.css                  5984 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\logo-bertelsmann.png        6396 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\logo-bild.png                1341 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\logo-bildung.png            23031 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\logo-huerriyet.png          2800 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\logo-roland-berger.png      4476 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner-vz.jpg              3252 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_gmx.png              2097 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_meinestadtde.png    3400 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_shareifyoulike.png  2694 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_tns.png              1780 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_web-de.png          4013 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\piwik.gif                    43 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\reset.css                    3864 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\social_facebook.png          2978 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\social_twitter.png          3227 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\social_vz.png                1118 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\social_youtube.png          3961 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\supporter-familie-de.png    3480 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\supporter-flirt-fever.jpg    3057 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\supporter-leo.png            1017 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\supporter-lsr.png            2847 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\supporter-pauldirekt.png    2914 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\supporter-preuss.png        3635 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\supporter-spin.png          2307 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\supporter-unicum.png        1999 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\supporter-wggesucht.jpg      11844 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\supporter-yopi.png          2541 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\LLF-Seminararbeit\Determinanten des mathematischen Vorwissens Jugendlicher\Internetquellen\Statistisches Bundesamt2011b\Statistisches Bundesamt Deutschland - Anhaltend hohes Bildungsniveau der Bevölkerung-Dateien\decorations_internet.css      17632 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\LLF-Seminararbeit\Determinanten des mathematischen Vorwissens Jugendlicher\Internetquellen\Statistisches Bundesamt2011b\Statistisches Bundesamt Deutschland - Anhaltend hohes Bildungsniveau der Bevölkerung-Dateien\destatis-logo.gif            1405 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\LLF-Seminararbeit\Determinanten des mathematischen Vorwissens Jugendlicher\Internetquellen\Statistisches Bundesamt2011b\Statistisches Bundesamt Deutschland - Anhaltend hohes Bildungsniveau der Bevölkerung-Dateien\destatis-wortmarke.gif        816 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\LLF-Seminararbeit\Determinanten des mathematischen Vorwissens Jugendlicher\Internetquellen\Statistisches Bundesamt2011b\Statistisches Bundesamt Deutschland - Anhaltend hohes Bildungsniveau der Bevölkerung-Dateien\print.css                    1757 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\LLF-Seminararbeit\Determinanten des mathematischen Vorwissens Jugendlicher\Internetquellen\Statistisches Bundesamt2011b\Statistisches Bundesamt Deutschland - Anhaltend hohes Bildungsniveau der Bevölkerung-Dateien\run_search_internet.gif      190 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\LLF-Seminararbeit\Determinanten des mathematischen Vorwissens Jugendlicher\Internetquellen\Statistisches Bundesamt2011b\Statistisches Bundesamt Deutschland - Anhaltend hohes Bildungsniveau der Bevölkerung-Dateien\screen_internet.css          6370 bytes
File            C:\Users\Frank\Documents\Uni Bamberg\Master\LLF-Seminararbeit\Determinanten des mathematischen Vorwissens Jugendlicher\Internetquellen\Statistisches Bundesamt2011b\Statistisches Bundesamt Deutschland - Anhaltend hohes Bildungsniveau der Bevölkerung-Dateien\styles_internet.css          58086 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---


The log from OSAM reads as follows:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:37:13 on 11.06.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ModemOptions" - "Nokia" - C:\Program Files\Nokia\Nokia Modem Options\ModemOptions.cpl
"NokiaConnectionManager" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 6\ConnectionManager.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"uglyypoc" (uglyypoc) - ? - C:\Users\Frank\AppData\Local\Temp\uglyypoc.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MICROS~4\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Program Files\Sminst\ShellvRTF.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{9C23D886-43CB-43DE-B2DB-112A68D7E10A} "MySpace Uploader Control" - "MySpace" - C:\Windows\Downloaded Program Files\MySpaceUploader2.ocx / hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"HPAdvisor" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"PcSync" - "Time Information Services Ltd." - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DataLayer" - "Nokia Mobile Phones Ltd." - C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\Windows\system32\NeroCheck.exe
"PCSuiteTrayApplication" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePDIRShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
"UpdatePSTShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"WirelessAssistant" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Program Files\SMINST\BLService.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And the aswMBR.txt file:

Code:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 19:39:06
-----------------------------
19:39:06.736    OS Version: Windows 6.0.6001 Service Pack 1
19:39:06.736    Number of processors: 2 586 0x170A
19:39:06.736    ComputerName: FRANK-LAPTOP  UserName: Frank
19:39:08.764    Initialize success
19:40:39.795    AVAST engine defs: 12061100
19:40:57.080    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:40:57.111    Disk 0 Vendor: FUJITSU_MJA2250BH_G2 8919 Size: 238475MB BusType: 3
19:40:57.423    Disk 0 MBR read successfully
19:40:57.439    Disk 0 MBR scan
19:40:57.439    Disk 0 unknown MBR code
19:40:57.485    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      227753 MB offset 2048
19:40:57.579    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        10718 MB offset 466440192
19:40:57.704    Disk 0 scanning sectors +488390656
19:40:58.312    Disk 0 scanning C:\Windows\system32\drivers
19:42:58.120    Service scanning
19:43:31.957    Modules scanning
19:45:25.681    Disk 0 trace - called modules:
19:45:25.759    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
19:45:26.273    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cb72e8]
19:45:26.273    3 CLASSPNP.SYS[82605745] -> nt!IofCallDriver -> [0x85aae918]
19:45:26.273    5 acpi.sys[806986a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85a99ba0]
19:45:27.521    AVAST engine scan C:\Windows
19:46:05.929    AVAST engine scan C:\Windows\system32
19:56:44.780    AVAST engine scan C:\Windows\system32\drivers
19:59:58.438    AVAST engine scan C:\Users\Frank
20:34:33.160    AVAST engine scan C:\ProgramData
21:22:04.138    Scan finished successfully
21:34:43.967    Disk 0 MBR has been saved successfully to "C:\Users\Frank\Desktop\MBR.dat"
21:34:43.967    The log file has been saved successfully to "C:\Users\Frank\Desktop\aswMBR.txt"

Regards,
Gustav

cosinus 11.06.2012 21:35

We should fix the MBR; just in case, back up ALL important data first, even though everything usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Do not run the fix either if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

Gustav86 12.06.2012 10:17

Hello Arne,

I have fixed the MBR. Here is the new log:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 09:54:24
-----------------------------
09:54:24.148    OS Version: Windows 6.0.6001 Service Pack 1
09:54:24.148    Number of processors: 2 586 0x170A
09:54:24.148    ComputerName: FRANK-LAPTOP  UserName: Frank
09:54:25.911    Initialize success
09:54:31.012    AVAST engine defs: 12061100
09:54:33.867    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:54:33.867    Disk 0 Vendor: FUJITSU_MJA2250BH_G2 8919 Size: 238475MB BusType: 3
09:54:33.898    Disk 0 MBR read successfully
09:54:33.898    Disk 0 MBR scan
09:54:33.914    Disk 0 Windows VISTA default MBR code
09:54:33.914    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      227753 MB offset 2048
09:54:33.961    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        10718 MB offset 466440192
09:54:33.976    Disk 0 scanning sectors +488390656
09:54:34.039    Disk 0 scanning C:\Windows\system32\drivers
09:54:52.353    Service scanning
09:55:28.310    Modules scanning
09:56:03.005    Disk 0 trace - called modules:
09:56:03.036    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
09:56:03.551    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cdb930]
09:56:03.551    3 CLASSPNP.SYS[805ce745] -> nt!IofCallDriver -> [0x85ab0918]
09:56:03.551    5 acpi.sys[806936a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85aaaba0]
09:56:04.986    AVAST engine scan C:\Windows
09:56:21.428    AVAST engine scan C:\Windows\system32
10:02:16.391    AVAST engine scan C:\Windows\system32\drivers
10:03:04.361    AVAST engine scan C:\Users\Frank
10:14:41.306    AVAST engine scan C:\ProgramData
10:21:09.372    Scan finished successfully
11:08:40.632    Disk 0 MBR has been saved successfully to "C:\Users\Frank\Desktop\MBR.dat"
11:08:40.647    The log file has been saved successfully to "C:\Users\Frank\Desktop\aswMBR.txt"

Regards, Gustav

cosinus 12.06.2012 12:22

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!
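The before/after comparison of the two aswMBR logs above can also be scripted. The following is an added example, not part of the thread and not part of aswMBR: it parses the MBR verdict and partition lines from both logs, confirms that the verdict changed and checks that the fix left the partition table untouched. It assumes the line shapes seen in this thread and that a clean verdict contains the word "default".

```python
import re

# Excerpts of the two aswMBR logs posted in this thread (pre-fix and post-fix).
LOG_BEFORE = """\
19:40:57.423    Disk 0 MBR read successfully
19:40:57.439    Disk 0 MBR scan
19:40:57.439    Disk 0 unknown MBR code
19:40:57.485    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      227753 MB offset 2048
19:40:57.579    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        10718 MB offset 466440192
"""
LOG_AFTER = """\
09:54:33.898    Disk 0 MBR read successfully
09:54:33.898    Disk 0 MBR scan
09:54:33.914    Disk 0 Windows VISTA default MBR code
09:54:33.914    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      227753 MB offset 2048
09:54:33.961    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        10718 MB offset 466440192
"""

# "Disk 0 unknown MBR code" -> disk 0, verdict "unknown"
VERDICT_RE = re.compile(r"Disk (\d+) (.+?) MBR code\s*$")
# "Disk 0 Partition 1 80 (A) 07 ... 227753 MB offset 2048"
PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2})\s+(?:\(A\)\s+)?"
    r"([0-9A-Fa-f]{2})\s+.*?(\d+) MB offset (\d+)"
)


def parse_aswmbr(log):
    """Extract per-disk MBR verdicts and partition entries from an aswMBR log."""
    verdicts, partitions = {}, {}
    for line in log.splitlines():
        m = PART_RE.search(line)
        if m:
            disk, num, flag, ptype, size, offset = m.groups()
            partitions[(int(disk), int(num))] = (
                flag.upper(), ptype.upper(), int(size), int(offset))
            continue
        m = VERDICT_RE.search(line)
        if m:
            verdicts[int(m.group(1))] = m.group(2)
    return {"verdicts": verdicts, "partitions": partitions}


def review_fix(before, after):
    """Compare pre-fix and post-fix logs; an empty list means the fix looks clean."""
    b, a = parse_aswmbr(before), parse_aswmbr(after)
    findings = []
    for disk, verdict in sorted(a["verdicts"].items()):
        # Assumption: a known-good boot sector is reported with "default".
        if "default" not in verdict.lower():
            findings.append(f"disk {disk}: MBR code still reported as '{verdict}'")
    for disk in sorted(b["verdicts"].keys() - a["verdicts"].keys()):
        findings.append(f"disk {disk}: no MBR verdict in post-fix log")
    # Rewriting the boot code must not touch the partition entries.
    if a["partitions"] != b["partitions"]:
        changed = sorted(set(a["partitions"].items()) ^ set(b["partitions"].items()))
        findings.append(f"partition table differs: {changed}")
    return findings


if __name__ == "__main__":
    print(parse_aswmbr(LOG_BEFORE)["verdicts"], "->", parse_aswmbr(LOG_AFTER)["verdicts"])
    print(review_fix(LOG_BEFORE, LOG_AFTER) or "fix looks clean")
```
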

Gustav86 12.06.2012 21:43

Hello Arne,

here is the log from Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.12.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Frank :: FRANK-LAPTOP [Administrator]

12.06.2012 18:37:45
mbam-log-2012-06-12 (20-26-20).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 387356
Laufzeit: 1 Stunde(n), 47 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\TDSSKiller_Quarantine\08.06.2012_21.08.49\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Keine Aktion durchgeführt.

(Ende)


and here is the log from SUPERAntiSpyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/12/2012 at 10:38 PM

Application Version : 5.0.1150

Core Rules Database Version : 8721
Trace Rules Database Version: 6533

Scan type      : Complete Scan
Total Scan Time : 01:58:18

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)

Memory items scanned      : 706
Memory threats detected  : 0
Registry items scanned    : 34672
Registry threats detected : 0
File items scanned        : 185868
File threats detected    : 46

Adware.Tracking Cookie
        C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@apmebf[1].txt [ /apmebf ]
        C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@doubleclick[1].txt [ /doubleclick ]
        C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@xiti[1].txt [ /xiti ]
        C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@xiti[2].txt [ /xiti ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@zanox[1].txt [ Cookie:frank@zanox.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ad4.adfarm1.adition[1].txt [ Cookie:frank@ad4.adfarm1.adition.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@im.banner.t-online[2].txt [ Cookie:frank@im.banner.t-online.de/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@tradedoubler[2].txt [ Cookie:frank@tradedoubler.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ad3.adfarm1.adition[1].txt [ Cookie:frank@ad3.adfarm1.adition.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@tracking.quisma[2].txt [ Cookie:frank@tracking.quisma.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@bs.serving-sys[1].txt [ Cookie:frank@bs.serving-sys.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@atdmt[2].txt [ Cookie:frank@atdmt.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@serving-sys[2].txt [ Cookie:frank@serving-sys.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@smartadserver[2].txt [ Cookie:frank@smartadserver.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@mediaplex[1].txt [ Cookie:frank@mediaplex.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@traffictrack[2].txt [ Cookie:frank@traffictrack.de/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@track.adform[2].txt [ Cookie:frank@track.adform.net/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ad.yieldmanager[2].txt [ Cookie:frank@ad.yieldmanager.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@invitemedia[2].txt [ Cookie:frank@invitemedia.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@revsci[1].txt [ Cookie:frank@revsci.net/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ad.zanox[1].txt [ Cookie:frank@ad.zanox.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@adform[1].txt [ Cookie:frank@adform.net/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@tomtailor.dyntracker[1].txt [ Cookie:frank@tomtailor.dyntracker.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@tribalfusion[2].txt [ Cookie:frank@tribalfusion.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@tracking.mlsat02[1].txt [ Cookie:frank@tracking.mlsat02.de/tmobile/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@yieldmanager[1].txt [ Cookie:frank@yieldmanager.net/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@specificclick[1].txt [ Cookie:frank@specificclick.net/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ww251.smartadserver[1].txt [ Cookie:frank@ww251.smartadserver.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@doubleclick[2].txt [ Cookie:frank@doubleclick.net/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ad2.adfarm1.adition[1].txt [ Cookie:frank@ad2.adfarm1.adition.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@ad1.adfarm1.adition[1].txt [ Cookie:frank@ad1.adfarm1.adition.com/ ]
        C:\USERS\FRANK\AppData\Roaming\Microsoft\Windows\Cookies\Low\frank@questionmarket[2].txt [ Cookie:frank@questionmarket.com/ ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@APMEBF[1].TXT [ /APMEBF ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@ADS.SPORTWERK[1].TXT [ /ADS.SPORTWERK ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@AD.360YIELD[2].TXT [ /AD.360YIELD ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@ADS.CREATIVE-SERVING[1].TXT [ /ADS.CREATIVE-SERVING ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@SMARTADSERVER[1].TXT [ /SMARTADSERVER ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@ADULTMONEYMAKERS[2].TXT [ /ADULTMONEYMAKERS ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@ADVIVA[1].TXT [ /ADVIVA ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@WEBMASTERPLAN[1].TXT [ /WEBMASTERPLAN ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@AD.AD-SRV[1].TXT [ /AD.AD-SRV ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@ADBRITE[2].TXT [ /ADBRITE ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@ADS.LINGUEE[2].TXT [ /ADS.LINGUEE ]
        C:\USERS\FRANK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANK@WW251.SMARTADSERVER[2].TXT [ /WW251.SMARTADSERVER ]

Trojan.Agent/Gen-Tedroo
        C:\TDSSKILLER_QUARANTINE\08.06.2012_21.08.49\TDLFS0000\TSK0005.DTA

Many thanks in advance,

Regards, Gustav

cosinus 12.06.2012 22:39

Looks OK, only cookies were found there. And one piece of malware in the TDSSKiller quarantine; it cannot do anything there and is harmless.

Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) stores only the cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system back in order now, or are there any other findings or problems?

Gustav86 13.06.2012 16:49

Hello Arne,

many, many thanks for your great help. The system is OK. The only thing I still notice is that there are two "transparent" file icons on the desktop named "Desktop ini". When I try to move them, a notice appears that "Windows or other programs may no longer run". Do you know which files these are? However, they don't necessarily bother me if they remain visible there.

Best regards
Gustav

cosinus 13.06.2012 20:28

Go about it exactly the other way round, i.e. have hidden files and above all the protected system files hidden => http://www.trojaner-board.de/59624-a...-sichtbar.html

Then you won't see the desktop.ini any more :D

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many tools:

Please start OTL and click Bereinigung (clean-up).
This will remove most of the tools we needed for the clean-up. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide to this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords if possible after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

