Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Redirect-Virus? (https://www.trojaner-board.de/117550-redirect-virus.html)

katolan 18.06.2012 17:25
Redirect-Virus?
 
Hallo, ich habe das gleiche Problem, welches hier schon mehrfach beschrieben wurde. Wenn ich mit dem IE eine Google-Suche mache, erscheinen bei Klick auf die Suchergebnisse ganz andere Webseiten. Meist erscheint im Tab eine IP-Adresse, manchmal steht auch redirect da. Bei einer Suche mit dem Google Chrom passiert nichts, der funktioniert normal.
Ich habe Avira free auf dem neuesten Stand und er hat nichts gefunden. Ich habe Malwarebytes einmal durchlaufen lassen, er hat was gefunden und bereinigt, aber das Problem ist immer noch da. Und zu guter Letzt habe ich das Programm Trojan Killer durchlaufen lassen, das findet zwar was, stürzt aber immer bei 63 % total ab und bringt damit den ganzen PC zum Abstürzen.
Zur Zeit mache ich einen kompletten Systemcheck mit Avira, er ist bei 50 % und signalisiert mir 8 versteckte Objekte und 4 Warnungen, aber mehr nicht.
Kann mir jemand helfen?

cosinus 19.06.2012 14:10
Zitat:
Ich habe Malwarebytes einmal durchlaufen lassen, er hat was gefunden und bereinigt,
Schön und wo sind die Virenscanner-Logs dazu? :wtf:

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

katolan 19.06.2012 22:04
Sorry, das Antivir war noch am Suchen und Durchlaufen des vollständigen System, als ich den Beitrag gestern schrieb
Hier alles, was ich gefunden habe und Euch hoffentlich was sagt

Ich hatte gestern noch vergessen dazu zu schreiben, dass das Windows-Sicherheitscenter deaktiviert ist und nicht wieder aktiviert werden kann.

Logfile Malwarebytes vom 18.06.

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lander :: LANDER-PC [Administrator]

Schutz: Aktiviert

18.06.2012 20:57:21
mbam-log-2012-06-18 (20-57-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255922
Laufzeit: 4 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Logfile Malwarebytes vom 07.06.
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lander :: LANDER-PC [Administrator]

Schutz: Aktiviert

07.06.2012 23:01:14
mbam-log-2012-06-07 (23-01-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 258036
Laufzeit: 10 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Lander\AppData\Local\Temp\is1373634743\IWantThis_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Logfile Antivir vom Suchlauf übers ganze System am 18.06.
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 18. Juni 2012  15:19

Es wird nach 3843756 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : Lander
Computername  : LANDER-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  09.05.2012 06:20:37
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  09.05.2012 06:20:37
LUKE.DLL      : 12.3.0.15      68304 Bytes  09.05.2012 06:20:37
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  09.05.2012 06:20:37
AVREG.DLL      : 12.3.0.17    232200 Bytes  11.05.2012 06:40:10
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 09:49:21
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 06:56:15
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 06:56:21
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 12:22:23
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 12:22:30
VBASE005.VDF  : 7.11.29.136  2166272 Bytes  10.05.2012 06:38:14
VBASE006.VDF  : 7.11.29.137    2048 Bytes  10.05.2012 06:38:14
VBASE007.VDF  : 7.11.29.138    2048 Bytes  10.05.2012 06:38:14
VBASE008.VDF  : 7.11.29.139    2048 Bytes  10.05.2012 06:38:15
VBASE009.VDF  : 7.11.29.140    2048 Bytes  10.05.2012 06:38:15
VBASE010.VDF  : 7.11.29.141    2048 Bytes  10.05.2012 06:38:15
VBASE011.VDF  : 7.11.29.142    2048 Bytes  10.05.2012 06:38:15
VBASE012.VDF  : 7.11.29.143    2048 Bytes  10.05.2012 06:38:15
VBASE013.VDF  : 7.11.29.144    2048 Bytes  10.05.2012 06:38:15
VBASE014.VDF  : 7.11.30.3    198144 Bytes  14.05.2012 07:16:33
VBASE015.VDF  : 7.11.30.69    186368 Bytes  17.05.2012 06:45:19
VBASE016.VDF  : 7.11.30.143  223744 Bytes  21.05.2012 08:44:24
VBASE017.VDF  : 7.11.30.207  287744 Bytes  23.05.2012 12:41:13
VBASE018.VDF  : 7.11.31.57    188416 Bytes  28.05.2012 19:41:22
VBASE019.VDF  : 7.11.31.111  214528 Bytes  30.05.2012 06:53:32
VBASE020.VDF  : 7.11.31.151  116736 Bytes  31.05.2012 18:38:43
VBASE021.VDF  : 7.11.31.205  134144 Bytes  03.06.2012 11:17:14
VBASE022.VDF  : 7.11.32.9    169472 Bytes  05.06.2012 06:08:48
VBASE023.VDF  : 7.11.32.85    155648 Bytes  08.06.2012 08:38:49
VBASE024.VDF  : 7.11.32.133  127488 Bytes  11.06.2012 09:51:25
VBASE025.VDF  : 7.11.32.171  182784 Bytes  12.06.2012 09:51:24
VBASE026.VDF  : 7.11.32.251  119296 Bytes  14.06.2012 07:36:56
VBASE027.VDF  : 7.11.32.252    2048 Bytes  14.06.2012 07:36:56
VBASE028.VDF  : 7.11.32.253    2048 Bytes  14.06.2012 07:36:56
VBASE029.VDF  : 7.11.32.254    2048 Bytes  14.06.2012 07:36:56
VBASE030.VDF  : 7.11.32.255    2048 Bytes  14.06.2012 07:36:56
VBASE031.VDF  : 7.11.33.54    94208 Bytes  17.06.2012 14:14:20
Engineversion  : 8.2.10.92
AEVDF.DLL      : 8.1.2.8      106867 Bytes  01.06.2012 18:38:54
AESCRIPT.DLL  : 8.1.4.26      450939 Bytes  16.06.2012 07:37:05
AESCN.DLL      : 8.1.8.2      131444 Bytes  13.04.2012 12:22:42
AESBX.DLL      : 8.2.5.12      606578 Bytes  16.06.2012 07:37:05
AERDL.DLL      : 8.1.9.15      639348 Bytes  31.01.2012 06:55:37
AEPACK.DLL    : 8.2.16.18    807287 Bytes  16.06.2012 07:37:04
AEOFFICE.DLL  : 8.1.2.36      201082 Bytes  16.06.2012 07:37:03
AEHEUR.DLL    : 8.1.4.46    4923767 Bytes  16.06.2012 07:37:03
AEHELP.DLL    : 8.1.21.0      254326 Bytes  11.05.2012 06:38:25
AEGEN.DLL      : 8.1.5.30      422261 Bytes  16.06.2012 07:36:57
AEEXP.DLL      : 8.1.0.52      82293 Bytes  16.06.2012 07:37:05
AEEMU.DLL      : 8.1.3.0      393589 Bytes  31.01.2012 06:55:34
AECORE.DLL    : 8.1.25.10    201080 Bytes  01.06.2012 18:38:45
AEBB.DLL      : 8.1.1.0        53618 Bytes  31.01.2012 06:55:33
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  09.05.2012 06:20:37
AVPREF.DLL    : 12.3.0.15      51920 Bytes  09.05.2012 06:20:37
AVREP.DLL      : 12.3.0.15    179208 Bytes  09.05.2012 06:20:37
AVARKT.DLL    : 12.3.0.15    211408 Bytes  09.05.2012 06:20:37
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  09.05.2012 06:20:37
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  09.05.2012 06:20:37
AVSMTP.DLL    : 12.3.0.15      63440 Bytes  09.05.2012 06:20:37
NETNT.DLL      : 12.3.0.15      17104 Bytes  09.05.2012 06:20:37
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  09.05.2012 06:20:37
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  09.05.2012 06:20:37

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Suche nach Rootkits und aktiver Malware
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Montag, 18. Juni 2012  15:19

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Media Player NSS\3.0\Events\{77BBAB26-9DEC-491B-A2C3-4669F0C6F71B}
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Media Player NSS\3.0\Servers\042719C8-B3A0-4CD1-BF04-A041EEC4094E\IPAddress
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Media Player NSS\3.0\Servers\042719C8-B3A0-4CD1-BF04-A041EEC4094E\IPAddress
HKEY_LOCAL_MACHINE\System\ControlSet001\services\iphlpsvc\Teredo\PreviousState\88-25-2c-54-be-c9\TeredoAddress
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\Tcpip\Parameters\Interfaces\{5A4F0A5F-8EA0-44EA-AF9A-AB6E3FBD2D6E}\DhcpInterfaceOptions
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\iphlpsvc\Teredo\PreviousState\88-25-2c-54-be-c9\TeredoAddress
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\MpsSvc\Parameters\PortKeywords\Teredo\Collection
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Health\{0C61A577-DD75-4988-8056-8B3FE1311415}
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'mbamservice.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'EEventManager.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'FUFAXSTM.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotkeyUtility.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'phonostarTimer.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibserver.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'SAgent4.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'IBGuard.EXE' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'eEBSVC.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '38' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2359' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:' <Acer>
C:\Tivola\Deine Reitschule 2\Data.dat
  [WARNUNG]  Der Archivheader ist defekt
C:\Users\Lander\Documents\FalkData\{3C5FB882-57F4-4320-BDB8-E382227D75D0}.zip
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\Users\Lander\Downloads\avira_free_antivirus_de.exe
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\Users\Lander\Downloads\install_flashplayer11x64ax_gtbp_chrd_aih.exe
  [WARNUNG]  Die Datei ist kennwortgeschützt


Ende des Suchlaufs: Montag, 18. Juni 2012  18:29
Benötigte Zeit:  3:10:03 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  29565 Verzeichnisse wurden überprüft
 506707 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 506707 Dateien ohne Befall
  6424 Archive wurden durchsucht
      4 Warnungen
      7 Hinweise
 788799 Objekte wurden beim Rootkitscan durchsucht
      8 Versteckte Objekte wurden gefunden
letzter Suchlauf des Antivir, bei dem was gefunden wurde vom 04.06.
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 4. Juni 2012  21:38

Es wird nach 3786745 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : LANDER-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  09.05.2012 06:20:37
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  09.05.2012 06:20:37
LUKE.DLL      : 12.3.0.15      68304 Bytes  09.05.2012 06:20:37
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  09.05.2012 06:20:37
AVREG.DLL      : 12.3.0.17    232200 Bytes  11.05.2012 06:40:10
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 09:49:21
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 06:56:15
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 06:56:21
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 12:22:23
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 12:22:30
VBASE005.VDF  : 7.11.29.136  2166272 Bytes  10.05.2012 06:38:14
VBASE006.VDF  : 7.11.29.137    2048 Bytes  10.05.2012 06:38:14
VBASE007.VDF  : 7.11.29.138    2048 Bytes  10.05.2012 06:38:14
VBASE008.VDF  : 7.11.29.139    2048 Bytes  10.05.2012 06:38:15
VBASE009.VDF  : 7.11.29.140    2048 Bytes  10.05.2012 06:38:15
VBASE010.VDF  : 7.11.29.141    2048 Bytes  10.05.2012 06:38:15
VBASE011.VDF  : 7.11.29.142    2048 Bytes  10.05.2012 06:38:15
VBASE012.VDF  : 7.11.29.143    2048 Bytes  10.05.2012 06:38:15
VBASE013.VDF  : 7.11.29.144    2048 Bytes  10.05.2012 06:38:15
VBASE014.VDF  : 7.11.30.3    198144 Bytes  14.05.2012 07:16:33
VBASE015.VDF  : 7.11.30.69    186368 Bytes  17.05.2012 06:45:19
VBASE016.VDF  : 7.11.30.143  223744 Bytes  21.05.2012 08:44:24
VBASE017.VDF  : 7.11.30.207  287744 Bytes  23.05.2012 12:41:13
VBASE018.VDF  : 7.11.31.57    188416 Bytes  28.05.2012 19:41:22
VBASE019.VDF  : 7.11.31.111  214528 Bytes  30.05.2012 06:53:32
VBASE020.VDF  : 7.11.31.151  116736 Bytes  31.05.2012 18:38:43
VBASE021.VDF  : 7.11.31.205  134144 Bytes  03.06.2012 11:17:14
VBASE022.VDF  : 7.11.31.206    2048 Bytes  03.06.2012 11:17:15
VBASE023.VDF  : 7.11.31.207    2048 Bytes  03.06.2012 11:17:15
VBASE024.VDF  : 7.11.31.208    2048 Bytes  03.06.2012 11:17:15
VBASE025.VDF  : 7.11.31.209    2048 Bytes  03.06.2012 11:17:15
VBASE026.VDF  : 7.11.31.210    2048 Bytes  03.06.2012 11:17:15
VBASE027.VDF  : 7.11.31.211    2048 Bytes  03.06.2012 11:17:15
VBASE028.VDF  : 7.11.31.212    2048 Bytes  03.06.2012 11:17:16
VBASE029.VDF  : 7.11.31.213    2048 Bytes  03.06.2012 11:17:16
VBASE030.VDF  : 7.11.31.214    2048 Bytes  03.06.2012 11:17:16
VBASE031.VDF  : 7.11.31.222    4096 Bytes  04.06.2012 11:17:16
Engineversion  : 8.2.10.80
AEVDF.DLL      : 8.1.2.8      106867 Bytes  01.06.2012 18:38:54
AESCRIPT.DLL  : 8.1.4.24      450939 Bytes  01.06.2012 18:38:53
AESCN.DLL      : 8.1.8.2      131444 Bytes  13.04.2012 12:22:42
AESBX.DLL      : 8.2.5.10      606580 Bytes  31.05.2012 06:53:45
AERDL.DLL      : 8.1.9.15      639348 Bytes  31.01.2012 06:55:37
AEPACK.DLL    : 8.2.16.16    807288 Bytes  31.05.2012 06:53:43
AEOFFICE.DLL  : 8.1.2.28      201082 Bytes  27.04.2012 12:47:58
AEHEUR.DLL    : 8.1.4.36    4874615 Bytes  01.06.2012 18:38:53
AEHELP.DLL    : 8.1.21.0      254326 Bytes  11.05.2012 06:38:25
AEGEN.DLL      : 8.1.5.28      422260 Bytes  27.04.2012 12:47:29
AEEXP.DLL      : 8.1.0.44      82293 Bytes  31.05.2012 06:53:45
AEEMU.DLL      : 8.1.3.0      393589 Bytes  31.01.2012 06:55:34
AECORE.DLL    : 8.1.25.10    201080 Bytes  01.06.2012 18:38:45
AEBB.DLL      : 8.1.1.0        53618 Bytes  31.01.2012 06:55:33
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  09.05.2012 06:20:37
AVPREF.DLL    : 12.3.0.15      51920 Bytes  09.05.2012 06:20:37
AVREP.DLL      : 12.3.0.15    179208 Bytes  09.05.2012 06:20:37
AVARKT.DLL    : 12.3.0.15    211408 Bytes  09.05.2012 06:20:37
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  09.05.2012 06:20:37
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  09.05.2012 06:20:37
AVSMTP.DLL    : 12.3.0.15      63440 Bytes  09.05.2012 06:20:37
NETNT.DLL      : 12.3.0.15      17104 Bytes  09.05.2012 06:20:37
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  09.05.2012 06:20:37
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  09.05.2012 06:20:37

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fcd08b0\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Montag, 4. Juni 2012  21:38

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'java.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jp2launcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarMoney.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_2_202_235_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wlcomm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wlmail.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibserver.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EEventManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FUFAXSTM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotkeyUtility.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'phonostarTimer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SAgent4.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IBGuard.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GregHSRW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'eEBSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Lander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T0BQY9VV\in[1].htm'
C:\Users\Lander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T0BQY9VV\in[1].htm
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/ExpKit.Gen3

Beginne mit der Desinfektion:
C:\Users\Lander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T0BQY9VV\in[1].htm
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/ExpKit.Gen3
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56e2af82.qua' verschoben!


Ende des Suchlaufs: Montag, 4. Juni 2012  21:39
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    29 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    28 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.

cosinus 20.06.2012 11:13
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

katolan 20.06.2012 22:37
Hallo, ich konnte den MBAM nur im abgesicherten Modus durchlaufen lassen, da er mir vorher das Windows komplett zum Absturz gebracht hat. Hier das Logfile, die älteren Logfiles hatte ich gestern gepostet:

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.20.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Lander :: LANDER-PC [Administrator]

Schutz: Deaktiviert

20.06.2012 21:08:36
mbam-log-2012-06-20 (21-08-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 452426
Laufzeit: 52 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Und hier das Logfile vom ESET-Scanner:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=230d190cc00104488c0cf70e7d1b44dc
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-20 09:21:59
# local_time=2012-06-20 11:21:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5977998 5977998 0 0
# compatibility_mode=5893 16776574 66 85 36369920 91854451 0 0
# compatibility_mode=8192 67108863 100 0 183 183 0 0
# scanned=94144
# found=7
# cleaned=0
# scan_time=2718
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe        probably a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe        a variant of Win32/1AntiVirus application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\MusicConverter\AudioConverter.exe        a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I

cosinus 21.06.2012 11:35
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

katolan 21.06.2012 21:55
Hallo,

das Windows funktioniert wieder normal, ich habe aber keinen Vollscan bzw. überhaupt keinen Scan mit MBAM mehr versucht.
Und im Startmenü fehlt mir nichts, es sind alle Ordner auch gefüllt (bis auf Autostart, aber das habe ich selbst leer gemacht).

Gruß + danke
Kathrin

Gruß

cosinus 22.06.2012 09:50
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

katolan 22.06.2012 11:25
Hallo, hier das OTL-Log:
Code:
OTL logfile created on: 22.06.2012 12:06:35 - Run 3
OTL by OldTimer - Version 3.2.51.0    Folder = C:\Users\Lander\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,38% Memory free
6,00 Gb Paging File | 4,63 Gb Available in Paging File | 77,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142,16 Gb Total Space | 68,77 Gb Free Space | 48,37% Space Free | Partition Type: NTFS
Drive D: | 142,16 Gb Total Space | 0,01 Gb Free Space | 0,01% Space Free | Partition Type: NTFS
 
Computer Name: LANDER-PC | User Name: Lander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lander\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\SysWOW64\SAgent4.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Program Files (x86)\dradio-Recorder\QtCore4.dll ()
MOD - C:\Program Files (x86)\dradio-Recorder\plugins\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files (x86)\dradio-Recorder\QtGui4.dll ()
MOD - C:\Program Files (x86)\dradio-Recorder\QtSql4.dll ()
MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll ()
MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (StatusAgent4) -- C:\Windows\SysWOW64\SAgent4.exe (SEIKO EPSON CORPORATION)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (TrojanKillerDriver) -- C:\Windows\SysNative\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (acedrv09) -- C:\Windows\SysNative\drivers\acedrv09.sys (Protect Software GmbH)
DRV:64bit: - (acehlp09) -- C:\Windows\SysNative\drivers\acehlp09.sys (Protect Software GmbH)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360510sn07974280275bh4n1291q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360510sn07974280275bh4n1291q
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360510sn07974280275bh4n1291q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360510sn07974280275bh4n1291q
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/hxxp://www.radioeins.de/ [binary data]
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sz-online.de/
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=ec44ed7f00000000000000262d20314c
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE381
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\..\SearchScopes\{849BA102-CA62-4BA2-BAA5-19331FFA94E3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=82A7FC3A-8DBF-436B-BF5C-F2403F7ED6CA&apn_sauid=A53A8577-7B1C-438C-91EE-6AB36AE6AB43&
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1ex6c61osw6
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2011.10.10 11:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lander\AppData\Roaming\mozilla\Extensions
[2012.06.21 23:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lander\AppData\Roaming\mozilla\Firefox\Profiles\or0fcs3b.default\extensions
[2012.04.21 11:34:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Lander\AppData\Roaming\mozilla\Firefox\Profiles\or0fcs3b.default\extensions\ffxtlbr@babylon.com
[2012.04.17 12:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.02 17:23:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lander\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
 
O1 HOSTS File: ([2011.12.22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe ()
O4 - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000..\Run: [EPSON BX310FN Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHE.EXE /FU "C:\Users\Lander\AppData\Local\Temp\E_S4ADB.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Josefine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A4F0A5F-8EA0-44EA-AF9A-AB6E3FBD2D6E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS -
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS -
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.20 22:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.18 14:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.06.18 14:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012.06.07 23:26:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.07 22:58:46 | 000,000,000 | ---D | C] -- C:\Users\Lander\AppData\Roaming\Malwarebytes
[2012.06.07 22:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.07 22:58:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.07 22:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.07 22:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.26 15:10:17 | 000,849,408 | ---- | C] (hxxp://lame.sf.net) -- C:\ProgramData\lame.exe
[2012.02.26 15:06:39 | 000,119,840 | ---- | C] (Martin Pesch) -- C:\ProgramData\mp3DirectCut.exe
[2009.10.17 04:04:41 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.22 12:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.22 11:41:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 11:41:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 11:37:55 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.22 11:37:55 | 000,654,022 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.22 11:37:55 | 000,615,904 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.22 11:37:55 | 000,129,894 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.22 11:37:55 | 000,106,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.22 11:33:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.22 11:33:36 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\sxele.job
[2012.06.22 11:33:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.22 11:33:28 | 2414,776,320 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.22 08:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.20 22:39:03 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.06.18 14:28:00 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.06.13 13:56:21 | 000,408,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 10:20:46 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.09 11:37:04 | 000,003,525 | ---- | M] () -- C:\ProgramData\mp3DirectCut.ini
[2012.06.08 11:37:23 | 000,001,413 | ---- | M] () -- C:\Users\Lander\Desktop\cmd.lnk
[2012.06.08 10:55:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2012.06.07 22:58:35 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.07 14:48:54 | 000,003,698 | ---- | M] () -- C:\Users\Lander\AppData\Roaming\wklnhst.dat
[2012.05.29 16:22:00 | 000,200,704 | RHS- | M] () -- C:\Windows\SysWow64\ogldrvn.dll
 
========== Files Created - No Company Name ==========
 
[2012.06.18 14:28:00 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.06.08 11:35:42 | 000,001,413 | ---- | C] () -- C:\Users\Lander\Desktop\cmd.lnk
[2012.06.07 22:58:35 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.29 16:22:01 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\sxele.job
[2012.05.29 16:22:00 | 000,200,704 | RHS- | C] () -- C:\Windows\SysWow64\ogldrvn.dll
[2012.03.14 09:37:17 | 000,207,419 | ---- | C] () -- C:\Users\Lander\AppData\Roaming\NMM-MetaData.db
[2012.02.26 15:10:17 | 000,672,256 | ---- | C] () -- C:\ProgramData\lame_enc.dll
[2012.02.26 15:08:42 | 000,003,525 | ---- | C] () -- C:\ProgramData\mp3DirectCut.ini
[2012.02.26 15:06:39 | 000,026,733 | ---- | C] () -- C:\ProgramData\Manual.htm
[2012.02.26 15:06:39 | 000,014,512 | ---- | C] () -- C:\ProgramData\FAQ.htm
[2011.12.09 20:14:11 | 000,015,360 | ---- | C] () -- C:\Users\Lander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.29 13:16:01 | 000,772,505 | ---- | C] () -- C:\Users\Lander\PV-leitfaden.pdf
[2010.11.08 22:45:31 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2010.11.05 10:08:34 | 000,177,490 | ---- | C] () -- C:\Users\Lander\Schloss Zschorna.mht
[2010.10.02 14:39:50 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.10.02 14:39:50 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.10.02 14:39:50 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.10.02 14:39:40 | 000,000,103 | ---- | C] () -- C:\Windows\ka.ini
[2010.10.01 14:28:10 | 000,226,923 | ---- | C] () -- C:\Users\Lander\Fußböden, Bodenbelag, Bodenfliesen, Steinteppich innen und außen - Neuhäuser Gruppe - René Neuhäuser in Radebeul bei Dresden an der Elbe in Sachsen, nahe Meißen, Pirna, Chemnitz, Bautzen.mht
[2010.09.22 11:40:58 | 000,159,625 | ---- | C] () -- C:\Users\Lander\Freizeitbad Wellenspiel Meißen.mht
[2010.09.08 11:31:51 | 000,003,698 | ---- | C] () -- C:\Users\Lander\AppData\Roaming\wklnhst.dat
[2010.08.23 22:05:22 | 000,007,597 | ---- | C] () -- C:\Users\Lander\AppData\Local\Resmon.ResmonCfg
[2010.07.28 13:08:33 | 000,000,314 | ---- | C] () -- C:\Windows\hegames.ini
[2010.05.26 23:08:41 | 000,000,680 | RHS- | C] () -- C:\Users\Lander\ntuser.pol
 
========== LOP Check ==========
 
[2011.09.05 10:13:41 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Epson
[2012.03.18 18:41:04 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\PC Suite
[2011.06.09 22:23:24 | 000,000,000 | ---D | M] -- C:\Users\Josefine\AppData\Roaming\elsterformular
[2010.06.07 19:14:47 | 000,000,000 | ---D | M] -- C:\Users\Josefine\AppData\Roaming\Epson
[2012.03.16 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\Josefine\AppData\Roaming\PC Suite
[2012.05.15 15:15:54 | 000,000,000 | ---D | M] -- C:\Users\Josefine\AppData\Roaming\Systweak
[2010.05.28 16:52:41 | 000,000,000 | ---D | M] -- C:\Users\Josefine\AppData\Roaming\Template
[2010.10.28 15:17:42 | 000,000,000 | -HSD | M] -- C:\Users\Lander\AppData\Roaming\.#
[2012.04.21 11:34:46 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Babylon
[2011.09.19 22:19:03 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\elsterformular
[2010.10.15 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Epson
[2010.06.04 10:35:59 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\eSobi
[2010.05.27 10:14:47 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\GameConsole
[2010.05.31 20:45:30 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\InterTrust
[2010.06.01 11:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\klickTel
[2012.03.26 09:03:08 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Nokia
[2012.03.28 14:31:11 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Nokia Multimedia Player
[2012.03.28 14:19:24 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\PC Suite
[2011.06.22 13:57:03 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\phonostar GmbH
[2011.10.28 11:36:32 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\ProtectDisc
[2012.05.16 08:32:22 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Systweak
[2011.05.22 14:09:52 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\TeamViewer
[2011.01.28 19:33:07 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Template
[2012.06.20 22:39:03 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2010.08.17 07:44:27 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2012.06.17 16:09:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.22 11:33:36 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\sxele.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.28 15:17:42 | 000,000,000 | -HSD | M] -- C:\Users\Lander\AppData\Roaming\.#
[2010.08.30 15:49:15 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Adobe
[2012.04.12 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Avira
[2012.04.21 11:34:46 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Babylon
[2011.09.19 22:19:03 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\elsterformular
[2010.10.15 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Epson
[2010.06.04 10:35:59 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\eSobi
[2010.05.27 10:14:47 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\GameConsole
[2010.05.26 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Google
[2010.05.26 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Identities
[2010.05.30 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\InstallShield
[2010.05.31 20:45:30 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\InterTrust
[2010.06.01 11:13:49 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\klickTel
[2010.05.26 23:01:54 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Macromedia
[2012.06.07 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Media Center Programs
[2011.03.01 14:22:28 | 000,000,000 | --SD | M] -- C:\Users\Lander\AppData\Roaming\Microsoft
[2011.10.10 11:19:51 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Mozilla
[2012.02.26 13:55:38 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Nero
[2012.03.26 09:03:08 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Nokia
[2012.03.28 14:31:11 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Nokia Multimedia Player
[2012.03.28 14:19:24 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\PC Suite
[2011.06.22 13:57:03 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\phonostar GmbH
[2011.10.28 11:36:32 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\ProtectDisc
[2012.05.16 08:32:22 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Systweak
[2011.05.22 14:09:52 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\TeamViewer
[2011.01.28 19:33:07 | 000,000,000 | ---D | M] -- C:\Users\Lander\AppData\Roaming\Template
 
< %APPDATA%\*.exe /s >
[2011.07.13 17:40:53 | 000,029,926 | R--- | M] () -- C:\Users\Lander\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.05.29 16:22:00 | 000,200,704 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\ogldrvn.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0

< End of report >

cosinus 22.06.2012 12:19
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=ec44ed7f00000000000000262d20314c
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\..\SearchScopes\{849BA102-CA62-4BA2-BAA5-19331FFA94E3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=82A7FC3A-8DBF-436B-BF5C-F2403F7ED6CA&apn_sauid=A53A8577-7B1C-438C-91EE-6AB36AE6AB43&
IE - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1ex6c61osw6
[2012.04.21 11:34:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Lander\AppData\Roaming\mozilla\Firefox\Profiles\or0fcs3b.default\extensions\ffxtlbr@babylon.com
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0
:Files
C:\Program Files (x86)\BabylonToolbar
C:\ProgramData\FullRemove.exe
C:\Windows\tasks\sxele.job
C:\Windows\SysWow64\ogldrvn.dll
C:\Users\Lander\AppData\Roaming\.#
C:\Users\Lander\AppData\Roaming\Babylon
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

katolan 22.06.2012 12:41
Liste der Anhänge anzeigen (Anzahl: 1)
Hi, habe alles so gemacht wie beschrieben. Der PC wurde runtergefahren und nach dem erneuten Hochfahren gleich das Logfile, ich musste nirgends mehr OK klicken.

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3521642250-2297515864-3979952538-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3521642250-2297515864-3979952538-1000\Software\Microsoft\Internet Explorer\SearchScopes\{849BA102-CA62-4BA2-BAA5-19331FFA94E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{849BA102-CA62-4BA2-BAA5-19331FFA94E3}\ not found.
Registry key HKEY_USERS\S-1-5-21-3521642250-2297515864-3979952538-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
C:\Users\Lander\AppData\Roaming\mozilla\Firefox\Profiles\or0fcs3b.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Lander\AppData\Roaming\mozilla\Firefox\Profiles\or0fcs3b.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Lander\AppData\Roaming\mozilla\Firefox\Profiles\or0fcs3b.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Lander\AppData\Roaming\mozilla\Firefox\Profiles\or0fcs3b.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Lander\AppData\Roaming\mozilla\Firefox\Profiles\or0fcs3b.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Lander\AppData\Roaming\mozilla\Firefox\Profiles\or0fcs3b.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Lander\AppData\Roaming\mozilla\Firefox\Profiles\or0fcs3b.default\extensions\ffxtlbr@babylon.com folder moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3521642250-2297515864-3979952538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
ADS C:\ProgramData\TEMP:0B9176C0 deleted successfully.
========== FILES ==========
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files (x86)\BabylonToolbar folder moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
C:\Windows\tasks\sxele.job moved successfully.
C:\Windows\SysWow64\ogldrvn.dll moved successfully.
C:\Users\Lander\AppData\Roaming\.# folder moved successfully.
C:\Users\Lander\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Elisabeth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Josefine
->Temp folder emptied: 1402596 bytes
->Temporary Internet Files folder emptied: 55921741 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 31342242 bytes
->Flash cache emptied: 1766 bytes
 
User: Lander
->Temp folder emptied: 14081300 bytes
->Temporary Internet Files folder emptied: 1323771908 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 52027688 bytes
->Flash cache emptied: 36393 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64695890 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.472,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Elisabeth
->Flash cache emptied: 0 bytes
 
User: Josefine
->Flash cache emptied: 0 bytes
 
User: Lander
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.51.0 log created on 06222012_132233

Files\Folders moved on Reboot...
C:\Users\Lander\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Als ich jetzt das Torjaner-Board wegen meiner Antwort wieder aufgerufen habe, hat allerdings der IE gemeckert, dass der Standardsuchanbieter geändert wurde und dass er es wieder auf Google zurückgesetzt hat, ich konnte nur OK klicken, eine Auswahl hatte ich nicht. (Meldung: siehe Anhang)

cosinus 22.06.2012 13:10
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

katolan 22.06.2012 14:07
Hier das Log vom TDSS. Es ist jetzt noch was komisches passiert: der IE lässt mich auf Eurer Seite hier nicht mehr einloggen, bin jetzt mit Chrome drin. Ich erhalten im IE immer wieder die Seite zum Einloggen vorgeblendet, obwohl ich vorher kurz die Begrüßung gesehen habe.

Code:
14:25:44.0859 1932        TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
14:25:44.0968 1932        ============================================================
14:25:44.0968 1932        Current date / time: 2012/06/22 14:25:44.0968
14:25:44.0968 1932        SystemInfo:
14:25:44.0968 1932       
14:25:44.0968 1932        OS Version: 6.1.7601 ServicePack: 1.0
14:25:44.0968 1932        Product type: Workstation
14:25:44.0968 1932        ComputerName: LANDER-PC
14:25:44.0968 1932        UserName: Lander
14:25:44.0968 1932        Windows directory: C:\Windows
14:25:44.0968 1932        System windows directory: C:\Windows
14:25:44.0968 1932        Running under WOW64
14:25:44.0968 1932        Processor architecture: Intel x64
14:25:44.0968 1932        Number of processors: 2
14:25:44.0968 1932        Page size: 0x1000
14:25:44.0968 1932        Boot type: Normal boot
14:25:44.0968 1932        ============================================================
14:25:46.0809 1932        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:25:46.0825 1932        ============================================================
14:25:46.0825 1932        \Device\Harddisk0\DR0:
14:25:46.0825 1932        MBR partitions:
14:25:46.0825 1932        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
14:25:46.0825 1932        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x11C52000
14:25:46.0825 1932        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x137DC800, BlocksNum 0x11C51AB0
14:25:46.0825 1932        ============================================================
14:25:46.0856 1932        C: <-> \Device\Harddisk0\DR0\Partition1
14:25:46.0872 1932        D: <-> \Device\Harddisk0\DR0\Partition2
14:25:46.0872 1932        ============================================================
14:25:46.0872 1932        Initialize success
14:25:46.0872 1932        ============================================================
14:27:58.0247 1424        ============================================================
14:27:58.0247 1424        Scan started
14:27:58.0247 1424        Mode: Manual; SigCheck; TDLFS;
14:27:58.0247 1424        ============================================================
14:27:58.0902 1424        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:27:59.0074 1424        1394ohci - ok
14:27:59.0105 1424        61883          (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
14:27:59.0214 1424        61883 - ok
14:27:59.0246 1424        acedrv09        (d8ca98e813d08e267e7e140bd22e073e) C:\Windows\system32\drivers\acedrv09.sys
14:27:59.0261 1424        acedrv09 - ok
14:27:59.0292 1424        acehlp09        (f535d9cf9ab68df08d92aeb6d697ebdb) C:\Windows\system32\drivers\acehlp09.sys
14:27:59.0292 1424        acehlp09 - ok
14:27:59.0339 1424        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:27:59.0355 1424        ACPI - ok
14:27:59.0370 1424        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:27:59.0464 1424        AcpiPmi - ok
14:27:59.0526 1424        AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:27:59.0558 1424        AdobeFlashPlayerUpdateSvc - ok
14:27:59.0589 1424        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:27:59.0604 1424        adp94xx - ok
14:27:59.0620 1424        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:27:59.0636 1424        adpahci - ok
14:27:59.0651 1424        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:27:59.0682 1424        adpu320 - ok
14:27:59.0714 1424        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:27:59.0854 1424        AeLookupSvc - ok
14:27:59.0885 1424        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:27:59.0963 1424        AFD - ok
14:28:00.0026 1424        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:28:00.0057 1424        agp440 - ok
14:28:00.0088 1424        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:28:00.0166 1424        ALG - ok
14:28:00.0166 1424        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:28:00.0182 1424        aliide - ok
14:28:00.0197 1424        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:28:00.0213 1424        amdide - ok
14:28:00.0244 1424        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:28:00.0306 1424        AmdK8 - ok
14:28:00.0322 1424        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:28:00.0384 1424        AmdPPM - ok
14:28:00.0416 1424        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:28:00.0447 1424        amdsata - ok
14:28:00.0478 1424        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:28:00.0494 1424        amdsbs - ok
14:28:00.0509 1424        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:28:00.0525 1424        amdxata - ok
14:28:00.0587 1424        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:28:00.0618 1424        AntiVirSchedulerService - ok
14:28:00.0650 1424        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:28:00.0665 1424        AntiVirService - ok
14:28:00.0681 1424        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:28:00.0852 1424        AppID - ok
14:28:00.0852 1424        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:28:00.0962 1424        AppIDSvc - ok
14:28:01.0008 1424        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:28:01.0040 1424        Appinfo - ok
14:28:01.0071 1424        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:28:01.0071 1424        arc - ok
14:28:01.0086 1424        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:28:01.0118 1424        arcsas - ok
14:28:01.0118 1424        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:28:01.0196 1424        AsyncMac - ok
14:28:01.0211 1424        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:28:01.0227 1424        atapi - ok
14:28:01.0274 1424        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:28:01.0352 1424        AudioEndpointBuilder - ok
14:28:01.0367 1424        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:28:01.0445 1424        AudioSrv - ok
14:28:01.0461 1424        Avc            (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
14:28:01.0492 1424        Avc - ok
14:28:01.0539 1424        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
14:28:01.0554 1424        avgntflt - ok
14:28:01.0586 1424        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
14:28:01.0617 1424        avipbb - ok
14:28:01.0632 1424        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
14:28:01.0632 1424        avkmgr - ok
14:28:01.0664 1424        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:28:01.0773 1424        AxInstSV - ok
14:28:01.0820 1424        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:28:01.0898 1424        b06bdrv - ok
14:28:01.0976 1424        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:28:02.0054 1424        b57nd60a - ok
14:28:02.0163 1424        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:28:02.0288 1424        BDESVC - ok
14:28:02.0303 1424        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:28:02.0381 1424        Beep - ok
14:28:02.0444 1424        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:28:02.0490 1424        BFE - ok
14:28:02.0537 1424        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:28:02.0600 1424        BITS - ok
14:28:02.0678 1424        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:28:02.0724 1424        blbdrive - ok
14:28:02.0771 1424        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:28:02.0818 1424        bowser - ok
14:28:02.0834 1424        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:28:02.0880 1424        BrFiltLo - ok
14:28:02.0880 1424        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:28:02.0896 1424        BrFiltUp - ok
14:28:02.0943 1424        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:28:03.0021 1424        Browser - ok
14:28:03.0052 1424        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:28:03.0114 1424        Brserid - ok
14:28:03.0130 1424        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:28:03.0161 1424        BrSerWdm - ok
14:28:03.0208 1424        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:28:03.0270 1424        BrUsbMdm - ok
14:28:03.0286 1424        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:28:03.0302 1424        BrUsbSer - ok
14:28:03.0333 1424        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:28:03.0395 1424        BTHMODEM - ok
14:28:03.0411 1424        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:28:03.0489 1424        bthserv - ok
14:28:03.0504 1424        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:28:03.0567 1424        cdfs - ok
14:28:03.0598 1424        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:28:03.0629 1424        cdrom - ok
14:28:03.0645 1424        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:28:03.0723 1424        CertPropSvc - ok
14:28:03.0754 1424        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:28:03.0785 1424        circlass - ok
14:28:03.0816 1424        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:28:03.0848 1424        CLFS - ok
14:28:03.0910 1424        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:28:03.0941 1424        clr_optimization_v2.0.50727_32 - ok
14:28:03.0972 1424        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:28:04.0004 1424        clr_optimization_v2.0.50727_64 - ok
14:28:04.0066 1424        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:28:04.0128 1424        clr_optimization_v4.0.30319_32 - ok
14:28:04.0144 1424        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:28:04.0160 1424        clr_optimization_v4.0.30319_64 - ok
14:28:04.0191 1424        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:28:04.0238 1424        CmBatt - ok
14:28:04.0269 1424        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:28:04.0300 1424        cmdide - ok
14:28:04.0331 1424        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:28:04.0378 1424        CNG - ok
14:28:04.0394 1424        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:28:04.0409 1424        Compbatt - ok
14:28:04.0440 1424        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:28:04.0472 1424        CompositeBus - ok
14:28:04.0472 1424        COMSysApp - ok
14:28:04.0503 1424        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:28:04.0518 1424        crcdisk - ok
14:28:04.0550 1424        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:28:04.0581 1424        CryptSvc - ok
14:28:04.0643 1424        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:28:04.0706 1424        DcomLaunch - ok
14:28:04.0752 1424        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:28:04.0799 1424        defragsvc - ok
14:28:04.0830 1424        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:28:04.0877 1424        DfsC - ok
14:28:04.0908 1424        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:28:04.0955 1424        Dhcp - ok
14:28:04.0986 1424        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:28:05.0018 1424        discache - ok
14:28:05.0033 1424        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:28:05.0033 1424        Disk - ok
14:28:05.0064 1424        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:28:05.0158 1424        Dnscache - ok
14:28:05.0189 1424        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:28:05.0283 1424        dot3svc - ok
14:28:05.0314 1424        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:28:05.0392 1424        DPS - ok
14:28:05.0423 1424        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:28:05.0454 1424        drmkaud - ok
14:28:05.0517 1424        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:28:05.0564 1424        DXGKrnl - ok
14:28:05.0579 1424        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:28:05.0657 1424        EapHost - ok
14:28:05.0813 1424        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:28:05.0922 1424        ebdrv - ok
14:28:06.0032 1424        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:28:06.0094 1424        EFS - ok
14:28:06.0156 1424        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:28:06.0250 1424        ehRecvr - ok
14:28:06.0281 1424        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:28:06.0359 1424        ehSched - ok
14:28:06.0406 1424        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:28:06.0468 1424        elxstor - ok
14:28:06.0546 1424        EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
14:28:06.0562 1424        EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
14:28:06.0562 1424        EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
14:28:06.0640 1424        EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
14:28:06.0702 1424        EPSON_EB_RPCV4_01 - ok
14:28:06.0718 1424        EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
14:28:06.0765 1424        EPSON_PM_RPCV4_01 - ok
14:28:06.0796 1424        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:28:06.0827 1424        ErrDev - ok
14:28:06.0874 1424        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:28:06.0921 1424        EventSystem - ok
14:28:06.0952 1424        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:28:07.0046 1424        exfat - ok
14:28:07.0077 1424        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:28:07.0124 1424        fastfat - ok
14:28:07.0295 1424        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:28:07.0373 1424        Fax - ok
14:28:07.0389 1424        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:28:07.0482 1424        fdc - ok
14:28:07.0514 1424        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:28:07.0592 1424        fdPHost - ok
14:28:07.0592 1424        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:28:07.0654 1424        FDResPub - ok
14:28:07.0670 1424        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:28:07.0701 1424        FileInfo - ok
14:28:07.0716 1424        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:28:07.0779 1424        Filetrace - ok
14:28:07.0794 1424        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:28:07.0794 1424        flpydisk - ok
14:28:07.0826 1424        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:28:07.0841 1424        FltMgr - ok
14:28:07.0935 1424        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:28:07.0982 1424        FontCache - ok
14:28:08.0060 1424        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:28:08.0091 1424        FontCache3.0.0.0 - ok
14:28:08.0153 1424        ForceWare Intelligent Application Manager (IAM) (a9ff65ea14e4cabfcc1bb8ece111a249) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
14:28:08.0184 1424        ForceWare Intelligent Application Manager (IAM) - ok
14:28:08.0231 1424        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:28:08.0247 1424        FsDepends - ok
14:28:08.0262 1424        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:28:08.0278 1424        Fs_Rec - ok
14:28:08.0294 1424        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:28:08.0325 1424        fvevol - ok
14:28:08.0340 1424        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:28:08.0356 1424        gagp30kx - ok
14:28:08.0387 1424        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:28:08.0450 1424        gpsvc - ok
14:28:08.0559 1424        Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
14:28:08.0606 1424        Greg_Service - ok
14:28:08.0652 1424        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:28:08.0668 1424        gupdate - ok
14:28:08.0684 1424        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:28:08.0699 1424        gupdatem - ok
14:28:08.0715 1424        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:28:08.0730 1424        gusvc - ok
14:28:08.0808 1424        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:28:08.0855 1424        hcw85cir - ok
14:28:08.0918 1424        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:28:08.0964 1424        HdAudAddService - ok
14:28:09.0011 1424        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:28:09.0058 1424        HDAudBus - ok
14:28:09.0074 1424        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:28:09.0089 1424        HidBatt - ok
14:28:09.0120 1424        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:28:09.0167 1424        HidBth - ok
14:28:09.0183 1424        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:28:09.0214 1424        HidIr - ok
14:28:09.0230 1424        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:28:09.0292 1424        hidserv - ok
14:28:09.0308 1424        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:28:09.0339 1424        HidUsb - ok
14:28:09.0370 1424        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:28:09.0448 1424        hkmsvc - ok
14:28:09.0495 1424        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:28:09.0557 1424        HomeGroupListener - ok
14:28:09.0604 1424        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:28:09.0651 1424        HomeGroupProvider - ok
14:28:09.0682 1424        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:28:09.0682 1424        HpSAMD - ok
14:28:09.0744 1424        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:28:09.0838 1424        HTTP - ok
14:28:09.0869 1424        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:28:09.0900 1424        hwpolicy - ok
14:28:09.0916 1424        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:28:09.0932 1424        i8042prt - ok
14:28:09.0963 1424        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:28:09.0978 1424        iaStorV - ok
14:28:10.0056 1424        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:28:10.0088 1424        idsvc - ok
14:28:10.0119 1424        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:28:10.0119 1424        iirsp - ok
14:28:10.0166 1424        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:28:10.0259 1424        IKEEXT - ok
14:28:10.0337 1424        IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
14:28:10.0384 1424        IntcAzAudAddService - ok
14:28:10.0478 1424        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:28:10.0493 1424        intelide - ok
14:28:10.0524 1424        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:28:10.0556 1424        intelppm - ok
14:28:10.0587 1424        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:28:10.0680 1424        IPBusEnum - ok
14:28:10.0696 1424        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:28:10.0743 1424        IpFilterDriver - ok
14:28:10.0790 1424        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:28:10.0836 1424        iphlpsvc - ok
14:28:10.0868 1424        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:28:10.0883 1424        IPMIDRV - ok
14:28:10.0899 1424        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:28:10.0946 1424        IPNAT - ok
14:28:10.0977 1424        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:28:11.0070 1424        IRENUM - ok
14:28:11.0086 1424        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:28:11.0102 1424        isapnp - ok
14:28:11.0117 1424        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:28:11.0133 1424        iScsiPrt - ok
14:28:11.0148 1424        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:28:11.0164 1424        kbdclass - ok
14:28:11.0180 1424        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:28:11.0195 1424        kbdhid - ok
14:28:11.0226 1424        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:28:11.0242 1424        KeyIso - ok
14:28:11.0258 1424        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:28:11.0273 1424        KSecDD - ok
14:28:11.0304 1424        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:28:11.0336 1424        KSecPkg - ok
14:28:11.0351 1424        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:28:11.0429 1424        ksthunk - ok
14:28:11.0460 1424        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:28:11.0538 1424        KtmRm - ok
14:28:11.0585 1424        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:28:11.0648 1424        LanmanServer - ok
14:28:11.0679 1424        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:28:11.0757 1424        LanmanWorkstation - ok
14:28:11.0804 1424        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:28:11.0850 1424        lltdio - ok
14:28:11.0897 1424        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:28:11.0975 1424        lltdsvc - ok
14:28:11.0991 1424        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:28:12.0022 1424        lmhosts - ok
14:28:12.0053 1424        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:28:12.0069 1424        LSI_FC - ok
14:28:12.0069 1424        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:28:12.0084 1424        LSI_SAS - ok
14:28:12.0084 1424        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:28:12.0116 1424        LSI_SAS2 - ok
14:28:12.0116 1424        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:28:12.0131 1424        LSI_SCSI - ok
14:28:12.0162 1424        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:28:12.0240 1424        luafv - ok
14:28:12.0303 1424        MarvinBus      (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
14:28:12.0412 1424        MarvinBus - ok
14:28:12.0599 1424        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:28:12.0615 1424        MBAMProtector - ok
14:28:12.0708 1424        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:28:12.0740 1424        MBAMService - ok
14:28:12.0755 1424        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:28:12.0802 1424        Mcx2Svc - ok
14:28:12.0833 1424        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:28:12.0849 1424        megasas - ok
14:28:12.0864 1424        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:28:12.0880 1424        MegaSR - ok
14:28:12.0911 1424        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:28:12.0942 1424        MMCSS - ok
14:28:12.0958 1424        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:28:12.0989 1424        Modem - ok
14:28:13.0005 1424        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:28:13.0036 1424        monitor - ok
14:28:13.0067 1424        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:28:13.0098 1424        mouclass - ok
14:28:13.0114 1424        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:28:13.0145 1424        mouhid - ok
14:28:13.0176 1424        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:28:13.0208 1424        mountmgr - ok
14:28:13.0239 1424        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:28:13.0254 1424        mpio - ok
14:28:13.0270 1424        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:28:13.0332 1424        mpsdrv - ok
14:28:13.0395 1424        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:28:13.0457 1424        MpsSvc - ok
14:28:13.0504 1424        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:28:13.0551 1424        MRxDAV - ok
14:28:13.0598 1424        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:28:13.0644 1424        mrxsmb - ok
14:28:13.0676 1424        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:28:13.0691 1424        mrxsmb10 - ok
14:28:13.0707 1424        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:28:13.0722 1424        mrxsmb20 - ok
14:28:13.0754 1424        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:28:13.0769 1424        msahci - ok
14:28:13.0800 1424        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:28:13.0832 1424        msdsm - ok
14:28:13.0847 1424        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:28:13.0894 1424        MSDTC - ok
14:28:13.0925 1424        MSDV            (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
14:28:13.0972 1424        MSDV - ok
14:28:14.0019 1424        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:28:14.0066 1424        Msfs - ok
14:28:14.0081 1424        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:28:14.0144 1424        mshidkmdf - ok
14:28:14.0175 1424        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:28:14.0175 1424        msisadrv - ok
14:28:14.0206 1424        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:28:14.0253 1424        MSiSCSI - ok
14:28:14.0253 1424        msiserver - ok
14:28:14.0284 1424        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:28:14.0346 1424        MSKSSRV - ok
14:28:14.0362 1424        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:28:14.0409 1424        MSPCLOCK - ok
14:28:14.0424 1424        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:28:14.0471 1424        MSPQM - ok
14:28:14.0518 1424        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:28:14.0549 1424        MsRPC - ok
14:28:14.0596 1424        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:28:14.0596 1424        mssmbios - ok
14:28:14.0612 1424        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:28:14.0705 1424        MSTEE - ok
14:28:14.0721 1424        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:28:14.0752 1424        MTConfig - ok
14:28:14.0783 1424        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:28:14.0814 1424        Mup - ok
14:28:14.0830 1424        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:28:14.0892 1424        napagent - ok
14:28:14.0924 1424        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:28:14.0955 1424        NativeWifiP - ok
14:28:15.0002 1424        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:28:15.0048 1424        NDIS - ok
14:28:15.0064 1424        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:28:15.0095 1424        NdisCap - ok
14:28:15.0111 1424        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:28:15.0142 1424        NdisTapi - ok
14:28:15.0173 1424        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:28:15.0251 1424        Ndisuio - ok
14:28:15.0267 1424        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:28:15.0345 1424        NdisWan - ok
14:28:15.0376 1424        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:28:15.0454 1424        NDProxy - ok
14:28:15.0579 1424        Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:28:15.0626 1424        Nero BackItUp Scheduler 4.0 - ok
14:28:15.0641 1424        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:28:15.0704 1424        NetBIOS - ok
14:28:15.0750 1424        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:28:15.0828 1424        NetBT - ok
14:28:15.0860 1424        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:28:15.0860 1424        Netlogon - ok
14:28:15.0891 1424        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:28:15.0953 1424        Netman - ok
14:28:15.0984 1424        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:28:16.0031 1424        netprofm - ok
14:28:16.0094 1424        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:28:16.0125 1424        NetTcpPortSharing - ok
14:28:16.0156 1424        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:28:16.0156 1424        nfrd960 - ok
14:28:16.0203 1424        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:28:16.0250 1424        NlaSvc - ok
14:28:16.0296 1424        nmwcd          (907b5e1e4a592e5edc5e4ccbde4863c2) C:\Windows\system32\drivers\ccdcmbx64.sys
14:28:16.0374 1424        nmwcd - ok
14:28:16.0406 1424        nmwcdc          (41c1ac1f3613435eb32d67bcb80a5fa5) C:\Windows\system32\drivers\ccdcmbox64.sys
14:28:16.0452 1424        nmwcdc - ok
14:28:16.0468 1424        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:28:16.0499 1424        Npfs - ok
14:28:16.0530 1424        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:28:16.0577 1424        nsi - ok
14:28:16.0608 1424        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:28:16.0655 1424        nsiproxy - ok
14:28:16.0718 1424        nSvcIp          (c04f5def37e55f6a34428b050f44d3d6) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
14:28:16.0733 1424        nSvcIp - ok
14:28:16.0796 1424        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:28:16.0858 1424        Ntfs - ok
14:28:16.0920 1424        NTI IScheduleSvc (bd691091ac7d9713d8f0b07c6b099e6c) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
14:28:16.0936 1424        NTI IScheduleSvc - ok
14:28:17.0014 1424        NTIDrvr        (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
14:28:17.0030 1424        NTIDrvr - ok
14:28:17.0045 1424        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:28:17.0108 1424        Null - ok
14:28:17.0139 1424        NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
14:28:17.0170 1424        NVENETFD - ok
14:28:17.0201 1424        NVHDA          (181e7fe39211e04128a30708906627d8) C:\Windows\system32\drivers\nvhda64v.sys
14:28:17.0217 1424        NVHDA - ok
14:28:17.0810 1424        nvlddmkm        (ac8cbe9a0663e88f6429ee5530d5e32b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:28:18.0012 1424        nvlddmkm - ok
14:28:18.0122 1424        NVNET          (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
14:28:18.0153 1424        NVNET - ok
14:28:18.0200 1424        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:28:18.0231 1424        nvraid - ok
14:28:18.0246 1424        nvsmu          (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
14:28:18.0262 1424        nvsmu - ok
14:28:18.0278 1424        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:28:18.0293 1424        nvstor - ok
14:28:18.0324 1424        nvstor64        (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
14:28:18.0340 1424        nvstor64 - ok
14:28:18.0371 1424        nvsvc          (902bb5d857538cc31163009959df0116) C:\Windows\system32\nvvsvc.exe
14:28:18.0387 1424        nvsvc - ok
14:28:18.0402 1424        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:28:18.0434 1424        nv_agp - ok
14:28:18.0449 1424        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:28:18.0480 1424        ohci1394 - ok
14:28:18.0543 1424        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:28:18.0574 1424        ose - ok
14:28:18.0636 1424        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:28:18.0699 1424        p2pimsvc - ok
14:28:18.0746 1424        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:28:18.0777 1424        p2psvc - ok
14:28:18.0792 1424        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:28:18.0808 1424        Parport - ok
14:28:18.0855 1424        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:28:18.0855 1424        partmgr - ok
14:28:18.0870 1424        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:28:18.0948 1424        PcaSvc - ok
14:28:18.0980 1424        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:28:19.0011 1424        pci - ok
14:28:19.0026 1424        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:28:19.0026 1424        pciide - ok
14:28:19.0058 1424        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:28:19.0089 1424        pcmcia - ok
14:28:19.0104 1424        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:28:19.0104 1424        pcw - ok
14:28:19.0136 1424        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:28:19.0182 1424        PEAUTH - ok
14:28:19.0245 1424        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:28:19.0292 1424        PerfHost - ok
14:28:19.0416 1424        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:28:19.0541 1424        pla - ok
14:28:19.0572 1424        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:28:19.0619 1424        PlugPlay - ok
14:28:19.0635 1424        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:28:19.0666 1424        PNRPAutoReg - ok
14:28:19.0697 1424        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:28:19.0713 1424        PNRPsvc - ok
14:28:19.0744 1424        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:28:19.0791 1424        PolicyAgent - ok
14:28:19.0853 1424        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:28:19.0931 1424        Power - ok
14:28:19.0994 1424        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:28:20.0072 1424        PptpMiniport - ok
14:28:20.0103 1424        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:28:20.0150 1424        Processor - ok
14:28:20.0196 1424        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:28:20.0259 1424        ProfSvc - ok
14:28:20.0274 1424        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:28:20.0290 1424        ProtectedStorage - ok
14:28:20.0321 1424        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:28:20.0415 1424        Psched - ok
14:28:20.0477 1424        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:28:20.0524 1424        ql2300 - ok
14:28:20.0602 1424        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:28:20.0633 1424        ql40xx - ok
14:28:20.0649 1424        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:28:20.0696 1424        QWAVE - ok
14:28:20.0711 1424        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:28:20.0758 1424        QWAVEdrv - ok
14:28:20.0805 1424        RapiMgr        (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
14:28:20.0852 1424        RapiMgr - ok
14:28:20.0852 1424        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:28:20.0898 1424        RasAcd - ok
14:28:20.0930 1424        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:28:20.0992 1424        RasAgileVpn - ok
14:28:21.0008 1424        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:28:21.0070 1424        RasAuto - ok
14:28:21.0101 1424        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:28:21.0179 1424        Rasl2tp - ok
14:28:21.0226 1424        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:28:21.0288 1424        RasMan - ok
14:28:21.0304 1424        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:28:21.0351 1424        RasPppoe - ok
14:28:21.0382 1424        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:28:21.0460 1424        RasSstp - ok
14:28:21.0491 1424        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:28:21.0569 1424        rdbss - ok
14:28:21.0600 1424        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:28:21.0616 1424        rdpbus - ok
14:28:21.0632 1424        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:28:21.0663 1424        RDPCDD - ok
14:28:21.0678 1424        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:28:21.0725 1424        RDPENCDD - ok
14:28:21.0772 1424        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:28:21.0803 1424        RDPREFMP - ok
14:28:21.0834 1424        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:28:21.0881 1424        RDPWD - ok
14:28:21.0912 1424        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:28:21.0959 1424        rdyboost - ok
14:28:21.0975 1424        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:28:22.0053 1424        RemoteAccess - ok
14:28:22.0084 1424        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:28:22.0131 1424        RemoteRegistry - ok
14:28:22.0162 1424        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:28:22.0209 1424        RpcEptMapper - ok
14:28:22.0224 1424        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:28:22.0256 1424        RpcLocator - ok
14:28:22.0287 1424        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:28:22.0318 1424        RpcSs - ok
14:28:22.0349 1424        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:28:22.0380 1424        rspndr - ok
14:28:22.0427 1424        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:28:22.0443 1424        SamSs - ok
14:28:22.0474 1424        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:28:22.0474 1424        sbp2port - ok
14:28:22.0505 1424        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:28:22.0552 1424        SCardSvr - ok
14:28:22.0568 1424        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:28:22.0661 1424        scfilter - ok
14:28:22.0880 1424        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:28:22.0942 1424        Schedule - ok
14:28:22.0958 1424        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:28:23.0020 1424        SCPolicySvc - ok
14:28:23.0036 1424        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:28:23.0082 1424        SDRSVC - ok
14:28:23.0129 1424        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:28:23.0207 1424        secdrv - ok
14:28:23.0238 1424        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:28:23.0301 1424        seclogon - ok
14:28:23.0332 1424        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:28:23.0363 1424        SENS - ok
14:28:23.0379 1424        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:28:23.0426 1424        SensrSvc - ok
14:28:23.0441 1424        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:28:23.0457 1424        Serenum - ok
14:28:23.0472 1424        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:28:23.0504 1424        Serial - ok
14:28:23.0550 1424        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:28:23.0597 1424        sermouse - ok
14:28:23.0691 1424        ServiceLayer    (019ab047b932ad277a4da2673e5cc19c) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
14:28:23.0706 1424        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
14:28:23.0706 1424        ServiceLayer - detected UnsignedFile.Multi.Generic (1)
14:28:23.0753 1424        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:28:23.0816 1424        SessionEnv - ok
14:28:23.0847 1424        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:28:23.0862 1424        sffdisk - ok
14:28:23.0878 1424        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:28:23.0925 1424        sffp_mmc - ok
14:28:23.0940 1424        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:28:24.0003 1424        sffp_sd - ok
14:28:24.0034 1424        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:28:24.0065 1424        sfloppy - ok
14:28:24.0112 1424        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:28:24.0221 1424        SharedAccess - ok
14:28:24.0268 1424        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:28:24.0346 1424        ShellHWDetection - ok
14:28:24.0362 1424        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:28:24.0393 1424        SiSRaid2 - ok
14:28:24.0393 1424        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:28:24.0408 1424        SiSRaid4 - ok
14:28:24.0408 1424        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:28:24.0440 1424        Smb - ok
14:28:24.0471 1424        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:28:24.0502 1424        SNMPTRAP - ok
14:28:24.0533 1424        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:28:24.0564 1424        spldr - ok
14:28:24.0580 1424        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:28:24.0642 1424        Spooler - ok
14:28:24.0783 1424        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:28:24.0923 1424        sppsvc - ok
14:28:25.0017 1424        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:28:25.0095 1424        sppuinotify - ok
14:28:25.0173 1424        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:28:25.0251 1424        srv - ok
14:28:25.0266 1424        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:28:25.0313 1424        srv2 - ok
14:28:25.0344 1424        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:28:25.0391 1424        srvnet - ok
14:28:25.0438 1424        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:28:25.0500 1424        SSDPSRV - ok
14:28:25.0547 1424        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:28:25.0594 1424        SstpSvc - ok
14:28:25.0719 1424        StarMoney 8.0 OnlineUpdate (7e784dc5c7ce2c6f3c392ad320f5f2c0) C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
14:28:25.0734 1424        StarMoney 8.0 OnlineUpdate - ok
14:28:25.0797 1424        StatusAgent4    (773940b8d50439391ffa619b3eef01a3) C:\Windows\SysWOW64\SAgent4.exe
14:28:25.0828 1424        StatusAgent4 ( UnsignedFile.Multi.Generic ) - warning
14:28:25.0828 1424        StatusAgent4 - detected UnsignedFile.Multi.Generic (1)
14:28:25.0922 1424        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:28:25.0937 1424        stexstor - ok
14:28:26.0000 1424        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:28:26.0046 1424        stisvc - ok
14:28:26.0078 1424        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:28:26.0093 1424        swenum - ok
14:28:26.0140 1424        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:28:26.0187 1424        swprv - ok
14:28:26.0249 1424        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:28:26.0312 1424        SysMain - ok
14:28:26.0436 1424        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:28:26.0468 1424        TabletInputService - ok
14:28:26.0499 1424        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:28:26.0592 1424        TapiSrv - ok
14:28:26.0670 1424        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:28:26.0717 1424        TBS - ok
14:28:26.0842 1424        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:28:26.0920 1424        Tcpip - ok
14:28:27.0092 1424        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:28:27.0123 1424        TCPIP6 - ok
14:28:27.0185 1424        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:28:27.0248 1424        tcpipreg - ok
14:28:27.0263 1424        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:28:27.0310 1424        TDPIPE - ok
14:28:27.0341 1424        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:28:27.0388 1424        TDTCP - ok
14:28:27.0435 1424        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:28:27.0466 1424        tdx - ok
14:28:27.0622 1424        TeamViewer6    (efd6843c137991cd253ca959e300e886) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
14:28:27.0669 1424        TeamViewer6 - ok
14:28:27.0762 1424        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:28:27.0794 1424        TermDD - ok
14:28:27.0840 1424        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:28:27.0950 1424        TermService - ok
14:28:27.0965 1424        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:28:28.0028 1424        Themes - ok
14:28:28.0059 1424        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:28:28.0121 1424        THREADORDER - ok
14:28:28.0152 1424        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:28:28.0230 1424        TrkWks - ok
14:28:28.0293 1424        TrojanKillerDriver (9bf9e809fbb2d5d0403b32b15abe5f30) C:\Windows\system32\DRIVERS\gtkdrv.sys
14:28:28.0308 1424        TrojanKillerDriver - ok
14:28:28.0371 1424        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:28:28.0464 1424        TrustedInstaller - ok
14:28:28.0496 1424        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:28:28.0542 1424        tssecsrv - ok
14:28:28.0558 1424        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:28:28.0620 1424        TsUsbFlt - ok
14:28:28.0652 1424        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:28:28.0730 1424        tunnel - ok
14:28:28.0761 1424        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:28:28.0792 1424        uagp35 - ok
14:28:28.0823 1424        UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
14:28:28.0823 1424        UBHelper - ok
14:28:28.0870 1424        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:28:28.0932 1424        udfs - ok
14:28:28.0979 1424        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:28:29.0010 1424        UI0Detect - ok
14:28:29.0042 1424        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:28:29.0073 1424        uliagpkx - ok
14:28:29.0104 1424        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:28:29.0151 1424        umbus - ok
14:28:29.0166 1424        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:28:29.0198 1424        UmPass - ok
14:28:29.0260 1424        Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
14:28:29.0291 1424        Updater Service - ok
14:28:29.0338 1424        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:28:29.0432 1424        upnphost - ok
14:28:29.0478 1424        upperdev        (4e93c8496359e97830c75ac36393654d) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
14:28:29.0525 1424        upperdev - ok
14:28:29.0556 1424        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:28:29.0572 1424        usbccgp - ok
14:28:29.0603 1424        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:28:29.0650 1424        usbcir - ok
14:28:29.0681 1424        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:28:29.0712 1424        usbehci - ok
14:28:29.0759 1424        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:28:29.0822 1424        usbhub - ok
14:28:29.0853 1424        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:28:29.0884 1424        usbohci - ok
14:28:29.0931 1424        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:28:29.0962 1424        usbprint - ok
14:28:29.0993 1424        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:28:29.0993 1424        usbscan - ok
14:28:30.0024 1424        usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
14:28:30.0087 1424        usbser - ok
14:28:30.0102 1424        UsbserFilt      (8844cb19a37b65e27049d4a7786726a9) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
14:28:30.0165 1424        UsbserFilt - ok
14:28:30.0180 1424        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:28:30.0243 1424        USBSTOR - ok
14:28:30.0274 1424        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
14:28:30.0321 1424        usbuhci - ok
14:28:30.0352 1424        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:28:30.0383 1424        UxSms - ok
14:28:30.0414 1424        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:28:30.0414 1424        VaultSvc - ok
14:28:30.0430 1424        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:28:30.0446 1424        vdrvroot - ok
14:28:30.0477 1424        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:28:30.0555 1424        vds - ok
14:28:30.0586 1424        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:28:30.0602 1424        vga - ok
14:28:30.0617 1424        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:28:30.0695 1424        VgaSave - ok
14:28:30.0742 1424        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:28:30.0758 1424        vhdmp - ok
14:28:30.0758 1424        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:28:30.0773 1424        viaide - ok
14:28:30.0789 1424        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:28:30.0804 1424        volmgr - ok
14:28:30.0851 1424        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:28:30.0867 1424        volmgrx - ok
14:28:30.0882 1424        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:28:30.0929 1424        volsnap - ok
14:28:30.0945 1424        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:28:30.0960 1424        vsmraid - ok
14:28:31.0038 1424        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:28:31.0163 1424        VSS - ok
14:28:31.0257 1424        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:28:31.0304 1424        vwifibus - ok
14:28:31.0366 1424        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:28:31.0413 1424        W32Time - ok
14:28:31.0444 1424        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:28:31.0460 1424        WacomPen - ok
14:28:31.0506 1424        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:28:31.0569 1424        WANARP - ok
14:28:31.0569 1424        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:28:31.0600 1424        Wanarpv6 - ok
14:28:31.0709 1424        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:28:31.0787 1424        wbengine - ok
14:28:31.0881 1424        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:28:31.0928 1424        WbioSrvc - ok
14:28:31.0990 1424        WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
14:28:32.0037 1424        WcesComm - ok
14:28:32.0068 1424        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:28:32.0099 1424        wcncsvc - ok
14:28:32.0115 1424        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:28:32.0130 1424        WcsPlugInService - ok
14:28:32.0177 1424        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:28:32.0208 1424        Wd - ok
14:28:32.0240 1424        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:28:32.0255 1424        Wdf01000 - ok
14:28:32.0286 1424        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:28:32.0380 1424        WdiServiceHost - ok
14:28:32.0396 1424        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:28:32.0427 1424        WdiSystemHost - ok
14:28:32.0458 1424        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:28:32.0505 1424        WebClient - ok
14:28:32.0552 1424        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:28:32.0614 1424        Wecsvc - ok
14:28:32.0630 1424        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:28:32.0708 1424        wercplsupport - ok
14:28:32.0723 1424        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:28:32.0801 1424        WerSvc - ok
14:28:32.0864 1424        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:28:32.0926 1424        WfpLwf - ok
14:28:32.0942 1424        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:28:32.0942 1424        WIMMount - ok
14:28:32.0988 1424        WinDefend - ok
14:28:33.0004 1424        WinHttpAutoProxySvc - ok
14:28:33.0066 1424        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:28:33.0129 1424        Winmgmt - ok
14:28:33.0238 1424        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:28:33.0332 1424        WinRM - ok
14:28:33.0425 1424        WINUSB          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:28:33.0488 1424        WINUSB - ok
14:28:33.0534 1424        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:28:33.0581 1424        Wlansvc - ok
14:28:33.0597 1424        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:28:33.0612 1424        WmiAcpi - ok
14:28:33.0675 1424        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:28:33.0722 1424        wmiApSrv - ok
14:28:33.0784 1424        WMPNetworkSvc - ok
14:28:33.0815 1424        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:28:33.0862 1424        WPCSvc - ok
14:28:33.0893 1424        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:28:33.0909 1424        WPDBusEnum - ok
14:28:33.0940 1424        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:28:33.0987 1424        ws2ifsl - ok
14:28:34.0018 1424        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:28:34.0065 1424        wscsvc - ok
14:28:34.0080 1424        WSearch - ok
14:28:34.0174 1424        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:28:34.0252 1424        wuauserv - ok
14:28:34.0346 1424        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:28:34.0424 1424        WudfPf - ok
14:28:34.0455 1424        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:28:34.0517 1424        WUDFRd - ok
14:28:34.0548 1424        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:28:34.0611 1424        wudfsvc - ok
14:28:34.0626 1424        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:28:34.0673 1424        WwanSvc - ok
14:28:34.0704 1424        MBR (0x1B8)    (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0
14:28:37.0731 1424        \Device\Harddisk0\DR0 - ok
14:28:37.0746 1424        Boot (0x1200)  (022497c1b7bcad2d5ceea13edfa891a2) \Device\Harddisk0\DR0\Partition0
14:28:37.0746 1424        \Device\Harddisk0\DR0\Partition0 - ok
14:28:37.0778 1424        Boot (0x1200)  (7482f6400504c655fa12ee7531016063) \Device\Harddisk0\DR0\Partition1
14:28:37.0778 1424        \Device\Harddisk0\DR0\Partition1 - ok
14:28:37.0793 1424        Boot (0x1200)  (f69b5289f6055b0687bad685292f1689) \Device\Harddisk0\DR0\Partition2
14:28:37.0809 1424        \Device\Harddisk0\DR0\Partition2 - ok
14:28:37.0809 1424        ============================================================
14:28:37.0809 1424        Scan finished
14:28:37.0809 1424        ============================================================
14:28:37.0824 3116        Detected object count: 3
14:28:37.0824 3116        Actual detected object count: 3
14:59:29.0052 3116        EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:29.0052 3116        EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:29.0052 3116        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:29.0052 3116        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:59:29.0052 3116        StatusAgent4 ( UnsignedFile.Multi.Generic ) - skipped by user
14:59:29.0052 3116        StatusAgent4 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 24.06.2012 14:57
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

katolan 24.06.2012 21:08
Hallo, hier das Logfile vom Combofix. Er hat mir am Anfang gesagt, dass das Avira noch aktiv wäre, obwohl ich es auf "AUS" gestellt habe. Es lief dann aber trotzdem glatt durch...
Sorry, ich weiß nicht was ich anders hätte machen müssen. Ich hoffe, es hat trotzdem alles geklappt.

Code:
ComboFix 12-06-24.03 - Lander 24.06.2012  21:29:55.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3071.1988 [GMT 2:00]
ausgeführt von:: c:\users\Lander\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\program files (x86)\DealPly\sqlite3.dll
c:\programdata\lame_enc.dll
c:\users\Elisabeth\~WRL0002.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\CddbCdda.dll
c:\windows\SysWow64\ChilkatMail_v7_9.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-24 bis 2012-06-24  ))))))))))))))))))))))))))))))
.
.
2012-06-24 19:41 . 2012-06-24 19:41        --------        d-----w-        c:\users\Josefine\AppData\Local\temp
2012-06-24 19:41 . 2012-06-24 19:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-24 19:41 . 2012-06-24 19:41        --------        d-----w-        c:\users\Elisabeth\AppData\Local\temp
2012-06-22 05:54 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-22 05:54 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-22 05:54 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-22 05:54 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-22 05:54 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-22 05:54 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-22 05:54 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-22 05:54 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-22 05:54 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-20 20:33 . 2012-06-20 20:33        --------        d-----w-        c:\program files (x86)\ESET
2012-06-18 12:27 . 2012-06-18 12:46        --------        d-----w-        c:\program files (x86)\GridinSoft Trojan Killer
2012-06-13 06:39 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-13 06:39 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:39 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-09 06:49 . 2012-06-09 06:49        --------        d-----w-        c:\users\Josefine\AppData\Roaming\Malwarebytes
2012-06-07 21:26 . 2012-06-07 21:26        --------        d-----w-        C:\_OTL
2012-06-07 20:58 . 2012-06-07 20:58        --------        d-----w-        c:\users\Lander\AppData\Roaming\Malwarebytes
2012-06-07 20:58 . 2012-06-07 20:58        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-07 20:58 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-07 20:58 . 2012-06-07 20:58        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 19:25 . 2012-05-15 08:02        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 19:25 . 2012-05-15 08:02        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-16 06:30 . 2012-05-16 06:26        1664        ----a-w-        c:\windows\system32\ASOROSet.bin
2012-05-09 06:20 . 2012-04-12 16:03        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-09 06:20 . 2012-04-12 16:03        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-04-10 17:51 . 2010-08-18 18:55        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-04-10 17:51 . 2010-08-18 18:55        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-03-30 11:35 . 2012-05-12 12:49        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-03-30 10:14 . 2012-05-15 08:00        18816        ----a-w-        c:\windows\system32\roboot64.exe
2010-12-10 13:27 . 2010-11-08 20:45        1456640        ----a-w-        c:\program files (x86)\Common Files\Falk Navi-Manager.msi
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"dradio-RecorderTimer"="c:\program files (x86)\dradio-Recorder\phonostarTimer.exe" [2010-11-23 39936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-04 843776]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"PCSuiteTrayApplication"="c:\program files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
.
c:\users\Josefine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 136176]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [x]
S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2012-02-23 690352]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 19:25]
.
2012-06-20 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 18:02]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 18:02]
.
2010-08-17 c:\windows\Tasks\Install.job
- c:\windows\SysWOW64\Adobe\Shockwave 11\nssstub.exe [2010-08-13 12:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.sz-online.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x1301&r=17360510sn07974280275bh4n1291q
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{990AF1C2-5A27-4460-8149-ECC6BC122AF3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Abenteuer auf dem Reiterhof - c:\windows\IsUn0407.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-Geheimagentin Barbie(tm) - c:\windows\IsUn0407.exe
AddRemove-Music Converter - c:\program files (x86)\MusicConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-24  22:00:20
ComboFix-quarantined-files.txt  2012-06-24 20:00
.
Vor Suchlauf: 14 Verzeichnis(se), 73.810.284.544 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 73.730.760.704 Bytes frei
.
- - End Of File - - 2E196A3A82D58228FA052F5B1600C494
Gruß katolan


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:05 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131