Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Babylon Search in Firefox (https://www.trojaner-board.de/119501-babylon-search-firefox.html)

Gargamel456 14.07.2012 17:47

Babylon Search in Firefox

Hello Trojaner-Board team,

about two weeks ago, while downloading a piece of freeware (unfortunately I can no longer remember its name, as I have since uninstalled it), I picked up Babylon Search, which is now lodged in my Firefox (and in Internet Explorer, which I never use) and cannot be removed. I had already removed Babylon via the Control Panel, set the search bar at the top right back to Google, removed the Babylon add-on and set Google as the start page for every new tab, yet every time I open a new tab this Babylon Search comes back automatically, and it has also slowed Firefox down a bit. Are there any tips on how I can get rid of it again?

I am grateful for any help.

Best regards
Gargamel

cosinus 16.07.2012 21:19

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from the quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan finishes, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Gargamel456 18.07.2012 00:18

Here is the Malwarebytes log; ESET will follow tomorrow...

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Arne :: ARNE-HP [Administrator]

17.07.2012 23:43:01
mbam-log-2012-07-17 (23-43-01).txt

Scan type: Full scan (C:\|D:\|F:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352692
Time elapsed: 1 hour(s), 20 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Arne\Desktop\Desktop Stuff\Daten 20.10.2011\Downloads\SoftonicDownloader_fuer_free-rar-extract-frog.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.

(end)


Gargamel456 18.07.2012 22:13

I was about to run ESET, but I could not disable the Windows Firewall. In the window where you are supposed to do that, the following window appears (see attachment). Should I run the scan anyway, or how can I disable the firewall?

cosinus 19.07.2012 16:44

The Windows Firewall can and should stay enabled! It does not need to be disabled for ESET.

Gargamel456 22.07.2012 14:10

Okay, here is the ESET log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d565c16021369244a29613f4f858ab1e
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 08:17:35
# local_time=2012-07-20 10:17:35 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 19778142 19778142 0 0
# compatibility_mode=5893 16776574 66 94 22207343 94437600 0 0
# compatibility_mode=8192 67108863 100 0 162556 162556 0 0
# scanned=48167
# found=0
# cleaned=0
# scan_time=7704
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d565c16021369244a29613f4f858ab1e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-21 12:24:19
# local_time=2012-07-21 02:24:19 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 19810769 19810769 0 0
# compatibility_mode=5893 16776574 66 94 22239970 94470227 0 0
# compatibility_mode=8192 67108863 100 0 195183 195183 0 0
# scanned=154546
# found=2
# cleaned=0
# scan_time=33081
C:\Users\Arne\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Arne\AppData\Local\Temp\is357113909\MyBabylonTB.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I


cosinus 23.07.2012 14:30

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You will also find the log file at C:\AdwCleaner[R1].txt.

Gargamel456 24.07.2012 21:13

Okay, here is the log file from AdwCleaner:

Code:

# AdwCleaner v1.703 - Logfile created 07/24/2012 at 22:10:43
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Arne - ARNE-HP
# Running from : C:\Users\Arne\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Arne\AppData\Local\Temp\BabylonToolbar
Folder Found : C:\Users\Arne\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Arne\AppData\Roaming\Babylon
Folder Found : C:\ProgramData\Babylon
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110819&tt=280612_8_&babsrc=HP_ss&mntrId=28137fb800000000000090004e5e7500

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\76jv5ydo.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110819&tt=280612_8_&babsrc=NT_ss&m[...]
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=110819&tt=280612_8_");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 2);
Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Found : user_pref("extensions.BabylonToolbar.id", "28137fb800000000000090004e5e7500");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15520");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.lastDP", 2);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1720:41:46");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "13.0");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 79824946);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1720:41:46");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=280612_8_");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "28137fb800000000000090004e5e7500");
Found : user_pref("extensions.BabylonToolbar_i.id", "28137fb800000000000090004e5e7500");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15520");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=28061[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:41:46");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110819&tt=280612_8_&babsrc=KW_ss&mntrId=2[...]

*************************

AdwCleaner[R1].txt - [6374 octets] - [24/07/2012 22:10:43]

########## EOF - C:\AdwCleaner[R1].txt - [6502 octets] ##########
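
Reading the report above as a triage list rather than a flat list of hits, as an added example that is not part of the original post and not AdwCleaner's code: the two [Registry] hits under SystemCertificates\AuthRoot\Certificates\... are a root-certificate entry in the machine trust store that AdwCleaner attributes to the adware, and the key name under AuthRoot\Certificates is the certificate's SHA-1 thumbprint. That entry reaches well beyond a search-page redirect, since anything signed under that root is trusted system-wide. The HKLM keys persist for every user on the machine; the HKCU SearchScopes entry and the searchplugins\babylon.xml file only affect the current user's search provider. The sample lines below are copied from the [R1] report; the severity rules and their wording are this example's assumptions.

```python
"""Triage an AdwCleaner [R1] report: rank what it found by how far it reaches.

Added example, not AdwCleaner's code. SAMPLE_REPORT copies lines from the [R1]
report posted above; the severity rules and their wording are this example's
assumptions.
"""
import re

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
FINDING_RE = re.compile(r"^(\[x64\] )?(Folder|File|Key|Value) Found : (.+)$")
# Under AuthRoot\Certificates the key name is the SHA-1 thumbprint of the cert.
AUTHROOT_RE = re.compile(r"\\SystemCertificates\\AuthRoot\\Certificates\\([0-9A-Fa-f]{40})$")

SAMPLE_REPORT = r"""
***** [Files / Folders] *****

Folder Found : C:\Users\Arne\AppData\Local\Temp\BabylonToolbar
Folder Found : C:\ProgramData\Babylon
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
"""


def parse_report(text):
    """Return a list of (section, kind, target, x64_view) for every 'Found' line."""
    findings, section = [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append((section, m.group(2), m.group(3), m.group(1) is not None))
    return findings


def severity(kind, target):
    """Rank one finding; the order of the checks matters (first match wins)."""
    if AUTHROOT_RE.search(target):
        return "critical", "third-party root CA in the machine trust store"
    if kind == "Key" and target.upper().startswith("HKLM\\"):
        return "high", "machine-wide setting, affects every user"
    if "SearchScopes" in target or target.lower().endswith("\\searchplugins\\babylon.xml"):
        return "medium", "search-provider hijack for the current user"
    if "\\Temp\\" in target:
        return "low", "installer residue"
    return "low", "leftover data"


def triage(text):
    """Summarise a report: counts per severity plus the foreign CA thumbprints."""
    counts, thumbprints = {}, set()
    for _section, kind, target, _x64 in parse_report(text):
        sev, _why = severity(kind, target)
        counts[sev] = counts.get(sev, 0) + 1
        m = AUTHROOT_RE.search(target)
        if m:
            thumbprints.add(m.group(1).upper())
    return counts, sorted(thumbprints)


if __name__ == "__main__":
    for section, kind, target, x64 in parse_report(SAMPLE_REPORT):
        sev, why = severity(kind, target)
        print(f"{sev:8} {'x64 ' if x64 else '    '}{kind:6} {target}\n         {why}")
    print(triage(SAMPLE_REPORT))
```

The same AuthRoot key shows up twice because AdwCleaner reports the 32-bit and the 64-bit registry views separately ([x64] prefix); the triage collapses them to one thumbprint. On the affected machine that thumbprint can be looked up before deletion with certutil -store AuthRoot followed by the thumbprint, to see who the certificate claims to be issued to.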


cosinus 24.07.2012 22:06

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will restart. After the restart a text file opens.
  • Post its contents in your next reply.
  • You will also find the log file at C:\AdwCleaner[S1].txt.


After that I have three questions before we continue:

1.) Does Windows normal mode work without restrictions (again)?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?
3.) Are the toolbar and the redirect gone now?

Gargamel456 24.07.2012 23:00

Here is the new log:

Code:

# AdwCleaner v1.703 - Logfile created 07/24/2012 at 23:39:00
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Arne - ARNE-HP
# Running from : C:\Users\Arne\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Arne\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Arne\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Arne\AppData\Roaming\Babylon
Folder Deleted : C:\ProgramData\Babylon
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110819&tt=280612_8_&babsrc=HP_ss&mntrId=28137fb800000000000090004e5e7500 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\76jv5ydo.default\prefs.js

C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\76jv5ydo.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110819&tt=280612_8_&babsrc=NT_ss&m[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110819&tt=280612_8_");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 2);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "28137fb800000000000090004e5e7500");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15520");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 2);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1720:41:46");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "13.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 79824946);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1720:41:46");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=280612_8_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "28137fb800000000000090004e5e7500");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "28137fb800000000000090004e5e7500");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15520");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=28061[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:41:46");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110819&tt=280612_8_&babsrc=KW_ss&mntrId=2[...]

*************************

AdwCleaner[R1].txt - [6489 octets] - [24/07/2012 22:10:43]
AdwCleaner[S1].txt - [6109 octets] - [24/07/2012 23:39:00]

########## EOF - C:\AdwCleaner[S1].txt - [6237 octets] ##########

Regarding the questions:

1.) Windows worked without restrictions the whole time
2.) I would say everything is there...
3.) Yes, the toolbar and the redirect are actually gone!
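
Why the poster's manual resets kept reverting, as an added example that is not part of the original thread and not Mozilla's or AdwCleaner's code: the [R1] report lists the hijacked prefs in prefs.js, and the [S1] report shows AdwCleaner also deleting a user.js in the same profile. Firefox reads prefs.js and then user.js at every startup, and values in user.js overwrite whatever the settings UI wrote into prefs.js, so a new-tab page reset through the UI does not survive a restart while such a user.js is present. The script below parses both files, merges them in Firefox's order and reports which browser-controlling prefs are hijacked and from which file, plus how many leftover extensions.* prefs each hijacker left behind. The pref lines are constructed to mirror the report; the marker list and the set of control prefs are this example's assumptions.

```python
"""Audit a Firefox profile for search / new-tab hijacks in prefs.js AND user.js.

Added example, not code from the Trojaner-Board thread, AdwCleaner or Mozilla.
The pref lines below are constructed to mirror the [R1] report above; the
marker list and the set of "browser-controlling" prefs are this example's
assumptions.
"""
import re

# user_pref("name", value);  -- value is a JS literal: "string", true/false or number
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Prefs that decide where the browser navigates or which engine it searches with.
CONTROL_PREFS = (
    "browser.startup.homepage",
    "browser.newtab.url",
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "keyword.URL",
)

# Substrings that identify the hijacker (assumption; extend per case).
HIJACK_MARKERS = ("babylon",)


def parse_prefs(text):
    """Return {name: value} for every user_pref() line, decoding the JS literal."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def mentions(value, markers=HIJACK_MARKERS):
    """True if a string value contains any hijack marker (case-insensitive)."""
    return isinstance(value, str) and any(k in value.lower() for k in markers)


def audit(prefs_js, user_js="", markers=HIJACK_MARKERS):
    """Merge the two files the way Firefox does at startup and report hijacks.

    prefs.js is loaded first, then user.js; a user.js value overwrites the
    prefs.js value on every start. Returns (findings, leftovers): findings are
    hijacked control prefs with the file they come from, leftovers counts
    extensions.<name>.* prefs per hijacker prefix.
    """
    stored = parse_prefs(prefs_js)
    forced = parse_prefs(user_js)
    effective = dict(stored)
    effective.update(forced)          # user.js wins

    findings = [
        {"pref": name, "value": effective[name],
         "source": "user.js" if name in forced else "prefs.js",
         "reapplied_on_start": name in forced}
        for name in CONTROL_PREFS
        if name in effective and mentions(effective[name], markers)
    ]

    leftovers = {}
    for name in effective:
        parts = name.split(".")
        if parts[0] == "extensions" and len(parts) > 2 and mentions(parts[1], markers):
            leftovers[parts[1]] = leftovers.get(parts[1], 0) + 1
    return findings, leftovers


# Constructed sample: prefs.js looks clean after the user's manual reset ...
PREFS_JS = """
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultenginename", "Google");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
"""

# ... but a user.js like the one AdwCleaner deleted re-hijacks three prefs at every launch.
USER_JS = """
user_pref("browser.newtab.url", "http://search.babylon.com/?affID=110819&babsrc=NT_ss");
user_pref("keyword.URL", "http://search.babylon.com/?affID=110819&babsrc=KW_ss");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
"""

if __name__ == "__main__":
    for f in audit(PREFS_JS, USER_JS)[0]:
        print(f"{f['source']:8} {f['pref']} = {f['value']!r}")
    print(audit(PREFS_JS, USER_JS)[1])
```

Running audit(PREFS_JS) alone reports no hijacked control pref, which is what the profile looks like to someone who only checks prefs.js; with USER_JS added, all three findings come from user.js and are marked as re-applied on every start. On a real profile, point the two strings at the files in the profile folder (the [R1] report shows the path) and, if user.js exists and you did not create it, delete it before resetting anything in the UI.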

cosinus 25.07.2012 09:38

Please produce a new OTL log. Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already present, replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
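
The /md5start ... /md5stop block in the script above makes OTL print the MD5 of each listed boot and logon binary so that a helper can compare it against a known-good value by eye. As an added example that is not part of the original post and not OTL's code, the script below automates that comparison: it stores digests for a list of files and later reports which were modified in place, removed or added. An in-place patch that keeps the file size is exactly what a hash catches and a directory listing does not. The demo builds three stand-in files in a temporary directory; on a real system you would feed it the paths from OTL's list and build the baseline on a machine with the same Windows patch level. Caveat: a kernel-mode rootkit can serve the original bytes to user-mode reads, so hash from an offline boot if a discrepancy is suspected.

```python
"""Baseline-and-diff check for critical system binaries (what OTL's
/md5start ... /md5stop section lets a helper do by eye).

Added example, not OTL's code. OTL prints the MD5 of each listed file so a
known-good value can be compared against it; this script stores the digests
of a set of files and reports later which were modified, removed or added.
The demo files and their contents are constructed in a temp directory.
"""
import hashlib
import os
import tempfile


def hash_file(path, algo="sha256", chunk=1 << 20):
    """Hex digest of a file, streamed so a large driver is not read into RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(paths, algo="sha256"):
    """Map path -> digest for existing files, None for ones that are absent."""
    return {p: hash_file(p, algo) if os.path.isfile(p) else None for p in paths}


def compare(baseline, algo="sha256"):
    """Classify each baseline entry as ok / modified / missing / new."""
    report = {}
    for path, expected in baseline.items():
        exists = os.path.isfile(path)
        if expected is None:
            report[path] = "new" if exists else "ok"
        elif not exists:
            report[path] = "missing"
        else:
            report[path] = "ok" if hash_file(path, algo) == expected else "modified"
    return report


def demo(algo="sha256"):
    """Constructed scenario with three stand-ins for files from OTL's list:
    baseline them, then patch one in place and delete another.
    Use algo="md5" to get the same digest OTL prints."""
    d = tempfile.mkdtemp()
    paths = {n: os.path.join(d, n) for n in ("atapi.sys", "winlogon.exe", "userinit.exe")}
    for n, p in paths.items():
        with open(p, "wb") as f:
            f.write(b"MZ" + n.encode() * 64)          # fake PE-ish content
    base = build_baseline(paths.values(), algo)

    with open(paths["atapi.sys"], "r+b") as f:         # in-place patch, size unchanged
        f.seek(2)
        f.write(b"\x90\x90")
    os.remove(paths["userinit.exe"])

    result = compare(base, algo)
    return {n: result[p] for n, p in paths.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

build_baseline() also records files that are absent at baseline time, so a driver that appears later under one of the listed names is reported as new rather than silently ignored.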


Gargamel456 25.07.2012 17:55

All right, here is the OTL log file:

Code:

OTL logfile created on: 25.07.2012 18:36:19 - Run 1
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Arne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 65,49% Memory free
7,90 Gb Paging File | 6,14 Gb Available in Paging File | 77,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 352,32 Gb Free Space | 78,18% Space Free | Partition Type: NTFS
Drive D: | 14,81 Gb Total Space | 1,62 Gb Free Space | 10,93% Space Free | Partition Type: NTFS
Drive F: | 99,02 Mb Total Space | 88,76 Mb Free Space | 89,63% Space Free | Partition Type: FAT32
 
Computer Name: ARNE-HP | User Name: Arne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Arne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Arne\AppData\Local\Temp\Temp1_WakeupOnStandBy117.zip\wosb.exe (www.dennisbabkin.com)
PRC - C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (s117unic) -- C:\Windows\SysNative\drivers\s117unic.sys (MCCI Corporation)
DRV:64bit: - (s117obex) -- C:\Windows\SysNative\drivers\s117obex.sys (MCCI Corporation)
DRV:64bit: - (s117nd5) -- C:\Windows\SysNative\drivers\s117nd5.sys (MCCI Corporation)
DRV:64bit: - (s117mdm) -- C:\Windows\SysNative\drivers\s117mdm.sys (MCCI Corporation)
DRV:64bit: - (s117mgmt) -- C:\Windows\SysNative\drivers\s117mgmt.sys (MCCI Corporation)
DRV:64bit: - (s117mdfl) -- C:\Windows\SysNative\drivers\s117mdfl.sys (MCCI Corporation)
DRV:64bit: - (s117bus) -- C:\Windows\SysNative\drivers\s117bus.sys (MCCI Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{4AAE14DA-D382-4F01-A3AD-8D9BE20FD9F0}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{4AAE14DA-D382-4F01-A3AD-8D9BE20FD9F0}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000\..\SearchScopes\{4AAE14DA-D382-4F01-A3AD-8D9BE20FD9F0}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.05 16:50:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.23 21:37:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.23 19:45:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.23 21:37:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.23 19:45:08 | 000,000,000 | ---D | M]
 
[2011.10.27 20:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Extensions
[2012.07.02 23:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Firefox\Profiles\76jv5ydo.default\extensions
[2012.04.29 04:22:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Arne\AppData\Roaming\mozilla\Firefox\Profiles\76jv5ydo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.27 20:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.23 21:37:23 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.23 21:37:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.23 21:37:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.23 21:37:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.23 21:37:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.23 21:37:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.23 21:37:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000..\Run: [WOSB2] C:\Users\Arne\AppData\Local\Temp\Temp1_WakeupOnStandBy117.zip\wosb.exe (www.dennisbabkin.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.216.1.65 87.216.1.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CA8AC9C-9534-4F01-B422-9799409BBDEC}: DhcpNameServer = 87.216.1.65 87.216.1.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86F57602-70B8-49A8-BEBA-DE5B962D5A11}: DhcpNameServer = 87.216.1.65 87.216.1.66
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.25 18:31:42 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe
[2012.07.25 00:09:27 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.07.24 23:59:44 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\{C9C4AD9B-18CE-42E4-9879-C8A1611D2376}
[2012.07.24 23:59:33 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\{DB6D3776-1295-45BC-8AE2-A398AF256F0A}
[2012.07.23 22:43:26 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\{B909221E-7855-43B4-B4DA-E8ADE0DA86AE}
[2012.07.23 22:43:16 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\{F8A83073-D9F4-41E4-ABFB-19DBE480476A}
[2012.07.20 20:13:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.18 22:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.17 23:41:58 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Malwarebytes
[2012.07.17 23:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 23:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 23:41:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.17 23:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.14 17:08:01 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\{5304F3E1-5281-4EF0-A4B2-701419D8D54D}
[2012.07.14 17:07:51 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\{FE6595C8-AC3F-4A0E-AE96-3105DEA9EF64}
[2012.07.04 00:28:54 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\Bilder April - Juli 2012
[2012.07.03 23:39:38 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\ipod kram
[2012.07.03 23:26:15 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Apple Computer
[2012.07.03 23:26:15 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\Apple Computer
[2012.07.03 23:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.03 23:26:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.07.03 23:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.03 23:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.07.03 23:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.03 23:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.07.03 23:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.07.03 23:24:19 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\Apple
[2012.07.03 23:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.07.03 23:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.07.03 23:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.07.03 23:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.07.03 23:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.07.03 23:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.06.29 20:46:42 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\Windows Live
[2012.06.29 20:46:21 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\{7B4827C2-DB43-45C1-8E92-A5B0F208F27E}
[2012.06.29 20:46:20 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\{6DF5C0D0-1D2E-48F6-99CD-9DBFF07A1608}
[2012.06.29 20:34:00 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\WindSolutions
[2012.06.29 20:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 18:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.25 18:31:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe
[2012.07.25 18:17:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 11:14:58 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 11:14:58 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 11:07:14 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 22:20:50 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.24 22:20:50 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.24 22:20:50 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.24 22:20:50 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.24 22:20:50 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.24 22:10:07 | 000,632,049 | ---- | M] () -- C:\Users\Arne\Desktop\adwcleaner.exe
[2012.07.21 05:12:15 | 000,307,520 | ---- | M] () -- C:\Users\Arne\Desktop\photo.php
[2012.07.18 23:11:53 | 000,090,607 | ---- | M] () -- C:\Users\Arne\Desktop\Unbenannt.png
[2012.07.17 23:41:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.16 01:09:23 | 000,102,288 | ---- | M] () -- C:\Users\Arne\Desktop\553362_10150890763281481_918122341_n.jpg
[2012.07.16 00:32:32 | 000,469,112 | ---- | M] () -- C:\Users\Arne\Desktop\landkarte_spanien - Kopie - Kopie.jpg
[2012.07.14 02:20:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForArne.job
[2012.07.12 22:14:56 | 002,853,534 | ---- | M] () -- C:\Users\Arne\Desktop\IMG_1992.JPG
[2012.07.12 22:14:22 | 002,946,436 | ---- | M] () -- C:\Users\Arne\Desktop\IMG_1991.JPG
[2012.07.12 22:14:22 | 002,946,436 | ---- | M] () -- C:\Users\Arne\Desktop\IMG_1991 (2).JPG
[2012.07.11 21:28:31 | 000,276,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.29 20:41:47 | 000,000,500 | ---- | M] () -- C:\user.js
 
========== Files Created - No Company Name ==========
 
[2012.07.24 22:10:07 | 000,632,049 | ---- | C] () -- C:\Users\Arne\Desktop\adwcleaner.exe
[2012.07.21 05:12:14 | 000,307,520 | ---- | C] () -- C:\Users\Arne\Desktop\photo.php
[2012.07.18 23:11:52 | 000,090,607 | ---- | C] () -- C:\Users\Arne\Desktop\Unbenannt.png
[2012.07.17 23:41:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.16 01:09:23 | 000,102,288 | ---- | C] () -- C:\Users\Arne\Desktop\553362_10150890763281481_918122341_n.jpg
[2012.07.13 00:41:28 | 002,622,437 | ---- | C] () -- C:\Users\Arne\Desktop\DSC04874.JPG
[2012.07.12 23:56:03 | 002,853,534 | ---- | C] () -- C:\Users\Arne\Desktop\IMG_1992.JPG
[2012.07.12 23:55:32 | 002,946,436 | ---- | C] () -- C:\Users\Arne\Desktop\IMG_1991 (2).JPG
[2012.07.12 23:55:15 | 002,946,436 | ---- | C] () -- C:\Users\Arne\Desktop\IMG_1991.JPG
[2012.07.07 01:42:44 | 000,469,112 | ---- | C] () -- C:\Users\Arne\Desktop\landkarte_spanien - Kopie - Kopie.jpg
[2012.07.03 23:24:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.06.29 20:36:59 | 000,000,500 | ---- | C] () -- C:\user.js
[2012.04.01 13:13:05 | 000,002,048 | -HS- | C] () -- C:\Users\Arne\AppData\Local\319bb7b7\@
[2011.10.27 22:26:10 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.01 01:45:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.01 01:42:46 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.06.01 01:39:23 | 000,003,054 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.06.01 01:35:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.05.14 21:50:25 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.03.03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011.01.13 06:44:04 | 000,003,054 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.08 03:40:40 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.01.08 03:40:40 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.01.08 03:40:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2012.04.29 16:14:19 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Canneverbe Limited
[2012.07.25 11:07:54 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Dropbox
[2012.04.29 04:22:19 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoft
[2012.04.29 04:22:14 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.27 22:09:55 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PDF Writer
[2012.07.18 01:10:48 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\SoftGrid Client
[2011.10.27 20:22:49 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Synaptics
[2011.10.27 22:27:00 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\TP
[2012.07.03 23:33:21 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\WindSolutions
[2012.06.03 03:10:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.27 21:06:52 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Adobe
[2012.07.03 23:27:14 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Apple Computer
[2011.10.27 20:23:52 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\ATI
[2011.12.04 23:18:50 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Avira
[2012.04.29 16:14:19 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Canneverbe Limited
[2011.11.22 22:24:29 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\CyberLink
[2012.02.06 02:46:48 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DivX
[2012.07.25 11:07:54 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Dropbox
[2012.04.29 04:22:19 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoft
[2012.04.29 04:22:14 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.13 00:06:07 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Hewlett-Packard
[2011.10.28 10:49:26 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\hpqlog
[2011.10.27 20:22:18 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Identities
[2011.10.27 20:22:55 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Intel Corporation
[2011.10.27 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Macromedia
[2012.07.17 23:41:58 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Malwarebytes
[2011.06.01 11:31:50 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Media Center Programs
[2012.07.18 23:02:11 | 000,000,000 | --SD | M] -- C:\Users\Arne\AppData\Roaming\Microsoft
[2011.10.27 20:35:35 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Mozilla
[2011.10.27 22:09:55 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PDF Writer
[2012.07.25 18:33:58 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Skype
[2012.07.18 01:10:48 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\SoftGrid Client
[2011.10.27 20:22:49 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Synaptics
[2011.10.27 22:27:00 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\TP
[2012.07.24 23:45:47 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Winamp
[2012.07.03 23:33:21 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\WindSolutions
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Arne\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Arne\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

and here is the extras.txt

Code:

OTL Extras logfile created on: 25.07.2012 18:36:19 - Run 1
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Arne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 65,49% Memory free
7,90 Gb Paging File | 6,14 Gb Available in Paging File | 77,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 352,32 Gb Free Space | 78,18% Space Free | Partition Type: NTFS
Drive D: | 14,81 Gb Total Space | 1,62 Gb Free Space | 10,93% Space Free | Partition Type: NTFS
Drive F: | 99,02 Mb Total Space | 88,76 Mb Free Space | 89,63% Space Free | Partition Type: FAT32
 
Computer Name: ARNE-HP | User Name: Arne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3992862711-2143917435-1754787543-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08367DBF-91C2-4DE7-B257-DB2CBABCF187}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09CDC6F9-D7AA-4326-95CD-FBAC706E912A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0FD0090A-8177-4E46-A070-3070ED5E9AC4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{23E6BD5C-BA45-496C-8FA2-8238F84E1218}" = lport=139 | protocol=6 | dir=in | app=system |
"{2527E7F7-0DA1-4D1D-82CA-14019FDE291E}" = rport=445 | protocol=6 | dir=out | app=system |
"{34610368-31D5-4C49-83E6-A620E24D23F0}" = lport=445 | protocol=6 | dir=in | app=system |
"{41235476-20DF-407F-B902-26237A6149DF}" = rport=138 | protocol=17 | dir=out | app=system |
"{43FA6E26-4181-4C83-9811-18C5D1F1C01D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D771650-3DBB-4818-A7D8-0CCD48992E27}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{743D7DC8-AE3B-4FED-8D5B-163B0523449D}" = rport=137 | protocol=17 | dir=out | app=system |
"{7DF6C254-FA7C-410F-A1E5-74156FB7D286}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{942F1AE1-71B9-4A2F-89B8-E9727839E958}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A50B3A6D-D517-44CD-A6F1-2A94E040F24F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A65FF9F8-76F4-4AA2-97B1-A8506DA0883D}" = rport=139 | protocol=6 | dir=out | app=system |
"{B618389E-4125-4525-9C05-C2145921A8FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB3E1FF8-1DA8-43B8-9FA6-B560F8C3F24F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDDBE0F0-C2EF-454F-B6CE-D2F49126B5CF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C5D91E69-F6B5-4633-A35D-4D6EDF9EC923}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CBD85E03-D8A9-457A-B060-D65A9313E279}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDCBFD5A-8B67-4695-B450-632F71246994}" = lport=137 | protocol=17 | dir=in | app=system |
"{E45F1677-E4E4-452D-BF9B-A66F6F3D8B54}" = lport=138 | protocol=17 | dir=in | app=system |
"{F09D509F-44FB-4DC9-9A85-3E1D51953E17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6375602-1EB2-4F5C-B79A-4CA1114E702B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A2844AF-009C-487E-89C1-858D3F3E8A80}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"{0B31F7EB-9C46-4FD9-A06B-443B010AD00B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2A3F9335-BE6C-4BB1-88A9-E0C9DEDCA203}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2A7275EE-3833-451F-A641-A2A5205E6AE5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2CF62D6E-C64C-432A-863D-1B75371CE59D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2E6EA67C-C30D-4CC2-971C-7E6080B39A05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{487BB040-4D4D-4E5C-B832-78E0D33DDBD5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49651342-4441-4855-9CA4-B05704D18B96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B153B73-78B0-4898-A953-3043F1B4FD0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67F51CEC-B94D-4F4E-B4D3-05B4C36F15E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C8F8BC6-D571-4F93-921B-E9DEDBA13A27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8A0139C5-D1D4-4B2B-93A9-FD23B9368655}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E4976CE-3EC5-460F-B31E-724B294798C0}" = protocol=6 | dir=out | app=system |
"{9563DAE1-B0AB-4276-84DD-A351E90A4D16}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9832AFB6-7E31-45DA-B038-00725C042861}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5BD436C-6732-49B9-9C59-5E1359E7547B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8A88308-D67D-4805-BA34-63575802E54A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C86A1533-5533-4FC7-A44B-3ABBB51F0F97}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{C93EAB13-7714-4EBB-BCDD-6A5D13E34311}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDD8E87D-EAB0-4B3B-8902-69EC5C80CD1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4A229C0-58F6-46A3-95CE-398464982076}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DAC77474-E1C5-4780-B43C-B244211A90CB}" = protocol=6 | dir=in | app=c:\users\arne\appdata\roaming\dropbox\bin\dropbox.exe |
"{E0435A85-DF55-4A51-BF27-EB7DF676BC62}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E0576B92-3187-45AD-A345-683ADCEC5754}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E0F68249-1898-478C-B5F3-7FA3E9F889A9}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{E5CDB0F6-86B6-477E-8DE0-733D215FC21F}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"{E68C8A96-23A4-4EF4-A809-2B5019385440}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0E9A8A4-C21D-447A-9C95-029DCF53F5C5}" = protocol=17 | dir=in | app=c:\users\arne\appdata\roaming\dropbox\bin\dropbox.exe |
"{F4622CA3-F2C8-44C7-BC3A-23E57742625B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{FA4C62FA-B623-4A93-996A-626ACCF1A8E2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{08554090-6166-482F-8829-C5D7CF13030F}C:\users\arne\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\arne\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{A0673C9D-17CC-40CE-9BF0-A457C3B87D4A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{25D72B07-A93B-4754-95BC-88C79AF2EA4D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{7446DAAA-11F4-4E14-B046-54FC0CF1EF5B}C:\users\arne\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\arne\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{127BEDB9-CFBA-91A2-BCC1-A3A21AFA02F6}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B4780D78-61F7-DE72-2E26-94EAEF13A877}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1319
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0AD8324F-C5F8-7D42-194E-329B8D1DB340}" = CCC Help Chinese Traditional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13D5D877-E722-1A5B-B554-074A7DE71772}" = CCC Help Korean
"{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DC6D76B-AFDE-A59F-20AB-790BCA036D0F}" = CCC Help Russian
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2FBAD1-7DCC-4769-0D28-F148B04B6EE0}" = CCC Help Greek
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4574C6C1-41CE-54F1-C942-5B923A2DAB30}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F51B5A2-952D-52D9-196A-8E9E8B7023A5}" = CCC Help Spanish
"{4F52A280-7164-3B30-0F56-CCFF6B4BFF9F}" = CCC Help Danish
"{520F374B-6157-BF93-E988-0EA3E3D3946D}" = CCC Help Thai
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A0D5C83-DFA2-D5EA-2F5C-07F9C281DFAC}" = CCC Help Norwegian
"{5EBF0407-366C-1A14-DEE0-502E26C69A2C}" = CCC Help German
"{620C8175-DA37-E6BE-0378-B4B91869B44E}" = Catalyst Control Center Profiles Mobile
"{622EF969-C000-54E6-5EDF-557908AAC259}" = ccc-core-static
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation
"{6E7542AC-201E-A4B5-A357-632D77CEC2C0}" = CCC Help Japanese
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8027F887-2A1B-0C4E-0573-0243F491CB98}" = CCC Help Dutch
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{814D1480-82F1-89A8-94E9-17115DBB844C}" = Catalyst Control Center InstallProxy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8508C2D5-AE78-C335-F6D6-07F96F8F4E7D}" = CCC Help Chinese Standard
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8783555D-7EE3-C162-DEFC-0BF92AF9FCFA}" = CCC Help Portuguese
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{896448B2-2F82-E322-7A3B-98180D8015BC}" = CCC Help Swedish
"{8B3F2E25-6825-1FC7-7A59-4324E37F1974}" = CCC Help Finnish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D48CF3-FD0A-EF10-13BE-66BD803A5A16}" = PX Profile Update
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F5CC09D-97E9-E35D-00D6-44FCE1543322}" = Catalyst Control Center Graphics Previews Common
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B420318C-D55C-5C71-4A57-6A2F850604DC}" = Catalyst Control Center Localization All
"{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}" = HP Connection Manager
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DD90EFA4-37B7-C4DA-F7A3-5B150E058508}" = CCC Help Czech
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8C2751F-1ECF-E73B-CCAD-F21FE827C5C0}" = CCC Help Italian
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F29DD72D-F748-6D9E-AEB1-8610E279A0ED}" = CCC Help English
"{F55AA104-4F14-FE47-2A2C-8D734FB346DA}" = CCC Help French
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD2A3058-0547-E960-430D-1A580E044AA1}" = CCC Help Polish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"EasyBits Magic Desktop" = Magic Desktop
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Update Service" = Sony Ericsson Update Service
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087490" = Jewel Quest Solitaire
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089460" = Mystery P.I. - The London Caper
"WT089484" = Namco All-Stars PAC-MAN
"WT089492" = Crazy Chicken Kart 2
"WT089493" = Fishdom
"WT089497" = Big Rig Europe
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3992862711-2143917435-1754787543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.07.2012 19:43:32 | Computer Name = Arne-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 15.07.2012 19:43:32 | Computer Name = Arne-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 15.07.2012 19:43:32 | Computer Name = Arne-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 16.07.2012 13:05:47 | Computer Name = Arne-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 16.07.2012 15:38:24 | Computer Name = Arne-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
 Version: 11.3.300.265, Zeitstempel: 0x4febd5ac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
 Version: 11.3.300.265, Zeitstempel: 0x4febd798  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b5c4  ID des fehlerhaften Prozesses: 0x1580  Startzeit der fehlerhaften Anwendung:
 0x01cd637554ea45c2  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
 ce06e5f4-cf7d-11e1-88c8-2c27d7de51e5
 
Error - 16.07.2012 15:38:31 | Computer Name = Arne-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 16.07.2012 18:50:17 | Computer Name = Arne-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 17.07.2012 01:43:06 | Computer Name = Arne-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 17.07.2012 12:14:00 | Computer Name = Arne-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 17.07.2012 12:48:55 | Computer Name = Arne-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
[ HP Connection Manager Events ]
Error - 21.07.2012 22:33:15 | Computer Name = Arne-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/22 04:33:15.442|00000F5C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 22.07.2012 10:14:13 | Computer Name = Arne-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/22 16:14:13.913|00001370|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 22.07.2012 10:14:15 | Computer Name = Arne-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/22 16:14:15.420|00001370|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 22.07.2012 10:14:17 | Computer Name = Arne-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/22 16:14:17.410|00001370|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 22.07.2012 10:14:19 | Computer Name = Arne-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/22 16:14:19.407|00001370|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 23.07.2012 19:15:00 | Computer Name = Arne-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/24 01:15:00.428|0000176C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 23.07.2012 19:15:02 | Computer Name = Arne-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/24 01:15:02.436|0000176C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 24.07.2012 17:39:26 | Computer Name = Arne-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/24 23:39:26.464|00001630|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 24.07.2012 17:39:28 | Computer Name = Arne-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/24 23:39:28.461|00001630|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 24.07.2012 19:03:42 | Computer Name = Arne-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/25 01:03:42.483|000017CC|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
[ HP Software Framework Events ]
Error - 08.05.2012 16:08:53 | Computer Name = Arne-HP | Source = CaslWmi | ID = 5
Description = 2012.05.08 22:08:53.150|00001388|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 09.05.2012 03:43:50 | Computer Name = Arne-HP | Source = CaslWmi | ID = 5
Description = 2012.05.09 09:43:50.763|000000F8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 09.05.2012 12:51:15 | Computer Name = Arne-HP | Source = CaslWmi | ID = 5
Description = 2012.05.09 18:51:15.333|00000FD0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 09.05.2012 18:33:02 | Computer Name = Arne-HP | Source = CaslWmi | ID = 5
Description = 2012.05.10 00:33:02.331|000012D0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10.05.2012 03:54:49 | Computer Name = Arne-HP | Source = CaslWmi | ID = 5
Description = 2012.05.10 09:54:49.671|000013E8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10.05.2012 13:03:49 | Computer Name = Arne-HP | Source = CaslWmi | ID = 5
Description = 2012.05.10 19:03:49.345|000006D8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11.05.2012 13:01:14 | Computer Name = Arne-HP | Source = CaslWmi | ID = 5
Description = 2012.05.11 19:01:14.500|00000B18|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11.05.2012 13:29:08 | Computer Name = Arne-HP | Source = CaslWmi | ID = 5
Description = 2012.05.11 19:29:08.045|00001408|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11.05.2012 13:30:36 | Computer Name = Arne-HP | Source = CaslWmi | ID = 5
Description = 2012.05.11 19:30:36.166|00001304|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11.05.2012 13:30:38 | Computer Name = Arne-HP | Source = CaslWmi | ID = 5
Description = 2012.05.11 19:30:38.954|0000161C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 24.07.2012 04:28:51 | Computer Name = Arne-HP | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 24.07.2012 04:29:17 | Computer Name = Arne-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 24.07.2012 17:40:16 | Computer Name = Arne-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 24.07.2012 17:40:20 | Computer Name = Arne-HP | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 24.07.2012 17:40:20 | Computer Name = Arne-HP | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 24.07.2012 17:40:49 | Computer Name = Arne-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 25.07.2012 05:07:31 | Computer Name = Arne-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 25.07.2012 05:07:35 | Computer Name = Arne-HP | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 25.07.2012 05:07:35 | Computer Name = Arne-HP | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 25.07.2012 05:08:04 | Computer Name = Arne-HP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >

Should I actually do anything with the ESET findings, or have they already been deleted by AdwCleaner?

cosinus 26.07.2012 11:36

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
FF - user.js - File not found
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-3992862711-2143917435-1754787543-1000..\Run: [WOSB2] C:\Users\Arne\AppData\Local\Temp\Temp1_WakeupOnStandBy117.zip\wosb.exe (www.dennisbabkin.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\user.js
C:\Users\Arne\AppData\Local\319bb7b7
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

Gargamel456 28.07.2012 14:36

Okay, here is the OTL logfile:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3992862711-2143917435-1754787543-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WOSB2 not found.
C:\Users\Arne\AppData\Local\Temp\Temp1_WakeupOnStandBy117.zip\wosb.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\EnableShellExecuteHooks deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
C:\user.js moved successfully.
C:\Users\Arne\AppData\Local\319bb7b7\U folder moved successfully.
C:\Users\Arne\AppData\Local\319bb7b7 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Arne
->Temp folder emptied: 4776090966 bytes
->Temporary Internet Files folder emptied: 36662894 bytes
->Java cache emptied: 41344 bytes
->FireFox cache emptied: 148377321 bytes
->Flash cache emptied: 1556 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 259563738 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66818 bytes
RecycleBin emptied: 938490892 bytes
 
Total Files Cleaned = 5.874,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Arne
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 07282012_151241

Files\Folders moved on Reboot...
C:\Users\Arne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Arne\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


cosinus 29.07.2012 00:30

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, as Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the image below - click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content into your post, please look directly on your Windows system partition (usually drive C:), where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
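The TDSS-Killer report requested above is a plain-text log: each scanned driver or service gets a line with its MD5 and path, followed by a verdict line ("- ok", "( Type ) - warning" or "- detected Type (n)"). The Python below is an added example, not part of this thread or of Kaspersky's tool; it parses lines of that format and lists only the flagged objects, so a helper can see what to triage before telling the user what to skip. The sample lines are excerpted from the log posted later in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines excerpted from the TDSS-Killer log posted in this thread (timestamp /
# PID prefix, one file line per driver or service, then its verdict line).
SAMPLE_LOG = """\
23:22:59.0380 2780        Scan started
23:22:59.0380 2780        Mode: Manual; SigCheck; TDLFS;
23:22:59.0848 2780        1394ohci        (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
23:22:59.0926 2780        1394ohci - ok
23:23:07.0133 2780        COMSysApp - ok
23:23:13.0607 2780        IconMan_R      (d22d82d74fd1b6c77e7556dbdc3ea9d2) C:\\Program Files (x86)\\Realtek\\Realtek PCIE Card Reader\\RIconMan.exe
23:23:13.0685 2780        IconMan_R ( UnsignedFile.Multi.Generic ) - warning
23:23:13.0685 2780        IconMan_R - detected UnsignedFile.Multi.Generic (1)
"""

# Every line starts with "HH:MM:SS.mmmm <pid>" followed by whitespace.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <path>": the file backing a driver or service
_RE_FILE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> - ok"
_RE_OK = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")
# "<name> ( <verdict> ) - warning"
_RE_WARN = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
# "<name> - detected <verdict> (<count>)"
_RE_DET = re.compile(_PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


@dataclass
class Entry:
    """One scanned object and what TDSS-Killer said about it."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"        # "ok", "warning" or "detected"
    verdict: Optional[str] = None  # e.g. "UnsignedFile.Multi.Generic"


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Parse the scan section of a TDSS-Killer log into one Entry per object.

    Header lines (system info, partition table, "Scan started") match none of
    the patterns and are skipped. An object may have no file line at all (a
    service without a backing file, such as COMSysApp above), so an entry is
    created on the first line of any kind that mentions the name.
    """
    entries: Dict[str, Entry] = {}

    def entry(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for line in text.splitlines():
        line = line.rstrip()
        if (m := _RE_FILE.match(line)):
            e = entry(m["name"])
            e.md5, e.path = m["md5"], m["path"]
        elif (m := _RE_DET.match(line)):
            e = entry(m["name"])
            e.status, e.verdict = "detected", m["verdict"]
        elif (m := _RE_WARN.match(line)):
            e = entry(m["name"])
            # A "detected" verdict for the same object outranks a warning.
            if e.status != "detected":
                e.status, e.verdict = "warning", m["verdict"]
        elif (m := _RE_OK.match(line)):
            entry(m["name"]).status = "ok"
    return list(entries.values())


def findings(entries: List[Entry]) -> List[Entry]:
    """Return only the objects TDSS-Killer did not mark "- ok".

    "UnsignedFile.Multi.Generic" only means the file lacks a valid digital
    signature (many vendor utilities do); it is a triage hint, not proof of
    malware, which is why the thread asks to choose "skip" and post the log.
    """
    return [e for e in entries if e.status != "ok"]


def summarize(text: str) -> str:
    """Human-readable summary of the flagged objects, one per line."""
    flagged = findings(parse_tdsskiller_log(text))
    if not flagged:
        return "no objects flagged"
    return "\n".join(
        f"{e.status:8} {e.name}: {e.verdict} md5={e.md5} path={e.path}" for e in flagged
    )


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```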

Gargamel456 30.07.2012 22:30

Okay, here is the TDSS Killer log:

Code:

23:21:27.0950 0832        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:21:28.0400 0832        ============================================================
23:21:28.0400 0832        Current date / time: 2012/07/30 23:21:28.0400
23:21:28.0400 0832        SystemInfo:
23:21:28.0400 0832       
23:21:28.0400 0832        OS Version: 6.1.7601 ServicePack: 1.0
23:21:28.0400 0832        Product type: Workstation
23:21:28.0400 0832        ComputerName: ARNE-HP
23:21:28.0400 0832        UserName: Arne
23:21:28.0400 0832        Windows directory: C:\Windows
23:21:28.0400 0832        System windows directory: C:\Windows
23:21:28.0400 0832        Running under WOW64
23:21:28.0400 0832        Processor architecture: Intel x64
23:21:28.0400 0832        Number of processors: 4
23:21:28.0400 0832        Page size: 0x1000
23:21:28.0400 0832        Boot type: Normal boot
23:21:28.0400 0832        ============================================================
23:21:29.0131 0832        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:21:29.0131 0832        ============================================================
23:21:29.0131 0832        \Device\Harddisk0\DR0:
23:21:29.0131 0832        MBR partitions:
23:21:29.0131 0832        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:21:29.0131 0832        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38551000
23:21:29.0131 0832        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x385B5000, BlocksNum 0x1D9D000
23:21:29.0131 0832        \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
23:21:29.0131 0832        ============================================================
23:21:29.0161 0832        C: <-> \Device\Harddisk0\DR0\Partition1
23:21:29.0211 0832        D: <-> \Device\Harddisk0\DR0\Partition2
23:21:29.0231 0832        F: <-> \Device\Harddisk0\DR0\Partition3
23:21:29.0231 0832        ============================================================
23:21:29.0231 0832        Initialize success
23:21:29.0231 0832        ============================================================
23:22:59.0380 2780        ============================================================
23:22:59.0380 2780        Scan started
23:22:59.0380 2780        Mode: Manual; SigCheck; TDLFS;
23:22:59.0380 2780        ============================================================
23:22:59.0848 2780        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:22:59.0926 2780        1394ohci - ok
23:22:59.0973 2780        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:23:00.0019 2780        ACPI - ok
23:23:00.0035 2780        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:23:00.0113 2780        AcpiPmi - ok
23:23:00.0238 2780        AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:23:00.0269 2780        AdobeFlashPlayerUpdateSvc - ok
23:23:00.0363 2780        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:23:00.0409 2780        adp94xx - ok
23:23:00.0456 2780        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:23:00.0487 2780        adpahci - ok
23:23:00.0534 2780        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:23:00.0565 2780        adpu320 - ok
23:23:00.0597 2780        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:23:00.0737 2780        AeLookupSvc - ok
23:23:00.0799 2780        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:23:00.0846 2780        AFD - ok
23:23:00.0877 2780        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:23:00.0893 2780        agp440 - ok
23:23:00.0924 2780        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:23:00.0955 2780        ALG - ok
23:23:00.0987 2780        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:23:01.0002 2780        aliide - ok
23:23:01.0049 2780        AMD External Events Utility (2902a4fe2571ccb491e3ca51b75f8d2d) C:\Windows\system32\atiesrxx.exe
23:23:01.0174 2780        AMD External Events Utility - ok
23:23:01.0189 2780        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:23:01.0205 2780        amdide - ok
23:23:01.0267 2780        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:23:01.0299 2780        AmdK8 - ok
23:23:01.0689 2780        amdkmdag        (49a9a2fb39e682c4c7b2c27033b714d0) C:\Windows\system32\DRIVERS\atikmdag.sys
23:23:01.0954 2780        amdkmdag - ok
23:23:02.0125 2780        amdkmdap        (692c5a435f65cfd629f5338021f1364d) C:\Windows\system32\DRIVERS\atikmpag.sys
23:23:02.0172 2780        amdkmdap - ok
23:23:02.0203 2780        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:23:02.0235 2780        AmdPPM - ok
23:23:02.0266 2780        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:23:02.0266 2780        amdsata - ok
23:23:02.0328 2780        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:23:02.0359 2780        amdsbs - ok
23:23:02.0375 2780        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:23:02.0391 2780        amdxata - ok
23:23:02.0500 2780        AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:23:02.0515 2780        AntiVirSchedulerService - ok
23:23:02.0562 2780        AntiVirService  (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:23:02.0593 2780        AntiVirService - ok
23:23:02.0640 2780        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:23:02.0843 2780        AppID - ok
23:23:02.0874 2780        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:23:02.0952 2780        AppIDSvc - ok
23:23:02.0952 2780        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:23:02.0999 2780        Appinfo - ok
23:23:03.0061 2780        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:23:03.0093 2780        Apple Mobile Device - ok
23:23:03.0124 2780        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:23:03.0139 2780        arc - ok
23:23:03.0171 2780        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:23:03.0186 2780        arcsas - ok
23:23:03.0217 2780        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:23:03.0295 2780        AsyncMac - ok
23:23:03.0311 2780        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:23:03.0311 2780        atapi - ok
23:23:03.0389 2780        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:23:03.0451 2780        AudioEndpointBuilder - ok
23:23:03.0451 2780        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:23:03.0483 2780        AudioSrv - ok
23:23:03.0545 2780        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
23:23:03.0576 2780        avgntflt - ok
23:23:03.0607 2780        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
23:23:03.0623 2780        avipbb - ok
23:23:03.0654 2780        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
23:23:03.0654 2780        avkmgr - ok
23:23:03.0701 2780        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:23:03.0810 2780        AxInstSV - ok
23:23:03.0873 2780        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:23:03.0935 2780        b06bdrv - ok
23:23:03.0997 2780        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:23:04.0060 2780        b57nd60a - ok
23:23:04.0138 2780        BBSvc          (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
23:23:04.0169 2780        BBSvc - ok
23:23:04.0278 2780        BCM43XX        (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:23:04.0356 2780        BCM43XX - ok
23:23:04.0403 2780        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:23:04.0434 2780        BDESVC - ok
23:23:04.0497 2780        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:23:04.0575 2780        Beep - ok
23:23:04.0637 2780        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:23:04.0731 2780        BITS - ok
23:23:04.0746 2780        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
23:23:04.0777 2780        blbdrive - ok
23:23:04.0871 2780        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:23:04.0887 2780        Bonjour Service - ok
23:23:04.0933 2780        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:23:04.0965 2780        bowser - ok
23:23:04.0996 2780        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:23:05.0043 2780        BrFiltLo - ok
23:23:05.0074 2780        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:23:05.0089 2780        BrFiltUp - ok
23:23:05.0152 2780        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:23:05.0230 2780        Browser - ok
23:23:05.0277 2780        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:23:05.0355 2780        Brserid - ok
23:23:05.0370 2780        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:23:05.0401 2780        BrSerWdm - ok
23:23:05.0433 2780        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:23:05.0479 2780        BrUsbMdm - ok
23:23:05.0495 2780        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:23:05.0526 2780        BrUsbSer - ok
23:23:05.0557 2780        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:23:05.0589 2780        BTHMODEM - ok
23:23:05.0651 2780        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:23:05.0698 2780        bthserv - ok
23:23:05.0713 2780        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:23:05.0760 2780        cdfs - ok
23:23:05.0823 2780        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:23:05.0869 2780        cdrom - ok
23:23:05.0916 2780        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:23:05.0994 2780        CertPropSvc - ok
23:23:06.0041 2780        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:23:06.0088 2780        circlass - ok
23:23:06.0135 2780        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:23:06.0166 2780        CLFS - ok
23:23:06.0275 2780        CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
23:23:06.0306 2780        CLKMSVC10_38F51D56 - ok
23:23:06.0369 2780        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:23:06.0400 2780        clr_optimization_v2.0.50727_32 - ok
23:23:06.0447 2780        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:23:06.0478 2780        clr_optimization_v2.0.50727_64 - ok
23:23:06.0571 2780        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:23:06.0618 2780        clr_optimization_v4.0.30319_32 - ok
23:23:06.0649 2780        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:23:06.0665 2780        clr_optimization_v4.0.30319_64 - ok
23:23:06.0727 2780        clwvd          (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
23:23:06.0743 2780        clwvd - ok
23:23:06.0790 2780        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:23:06.0837 2780        CmBatt - ok
23:23:06.0868 2780        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:23:06.0883 2780        cmdide - ok
23:23:06.0946 2780        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:23:07.0008 2780        CNG - ok
23:23:07.0039 2780        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:23:07.0055 2780        Compbatt - ok
23:23:07.0086 2780        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:23:07.0117 2780        CompositeBus - ok
23:23:07.0133 2780        COMSysApp - ok
23:23:07.0149 2780        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:23:07.0164 2780        crcdisk - ok
23:23:07.0195 2780        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:23:07.0227 2780        CryptSvc - ok
23:23:07.0367 2780        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:23:07.0398 2780        cvhsvc - ok
23:23:07.0461 2780        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:23:07.0523 2780        DcomLaunch - ok
23:23:07.0570 2780        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:23:07.0663 2780        defragsvc - ok
23:23:07.0741 2780        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:23:07.0819 2780        DfsC - ok
23:23:07.0882 2780        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:23:07.0975 2780        Dhcp - ok
23:23:08.0007 2780        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:23:08.0053 2780        discache - ok
23:23:08.0085 2780        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:23:08.0116 2780        Disk - ok
23:23:08.0163 2780        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:23:08.0178 2780        Dnscache - ok
23:23:08.0225 2780        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:23:08.0303 2780        dot3svc - ok
23:23:08.0319 2780        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:23:08.0365 2780        DPS - ok
23:23:08.0397 2780        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:23:08.0443 2780        drmkaud - ok
23:23:08.0506 2780        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:23:08.0537 2780        DXGKrnl - ok
23:23:08.0568 2780        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:23:08.0615 2780        EapHost - ok
23:23:08.0787 2780        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:23:08.0896 2780        ebdrv - ok
23:23:09.0021 2780        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:23:09.0052 2780        EFS - ok
23:23:09.0145 2780        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:23:09.0208 2780        ehRecvr - ok
23:23:09.0223 2780        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:23:09.0239 2780        ehSched - ok
23:23:09.0333 2780        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:23:09.0379 2780        elxstor - ok
23:23:09.0411 2780        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:23:09.0426 2780        ErrDev - ok
23:23:09.0473 2780        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:23:09.0567 2780        EventSystem - ok
23:23:09.0629 2780        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:23:09.0691 2780        exfat - ok
23:23:09.0707 2780        ezSharedSvc - ok
23:23:09.0723 2780        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:23:09.0769 2780        fastfat - ok
23:23:09.0847 2780        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:23:09.0910 2780        Fax - ok
23:23:09.0925 2780        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:23:09.0957 2780        fdc - ok
23:23:09.0988 2780        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:23:10.0050 2780        fdPHost - ok
23:23:10.0066 2780        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:23:10.0097 2780        FDResPub - ok
23:23:10.0113 2780        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:23:10.0128 2780        FileInfo - ok
23:23:10.0144 2780        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:23:10.0191 2780        Filetrace - ok
23:23:10.0206 2780        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:23:10.0237 2780        flpydisk - ok
23:23:10.0269 2780        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:23:10.0284 2780        FltMgr - ok
23:23:10.0362 2780        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:23:10.0440 2780        FontCache - ok
23:23:10.0503 2780        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:23:10.0534 2780        FontCache3.0.0.0 - ok
23:23:10.0581 2780        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:23:10.0596 2780        FsDepends - ok
23:23:10.0643 2780        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:23:10.0674 2780        Fs_Rec - ok
23:23:10.0705 2780        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:23:10.0721 2780        fvevol - ok
23:23:10.0768 2780        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:23:10.0783 2780        gagp30kx - ok
23:23:10.0877 2780        GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:23:10.0908 2780        GamesAppService - ok
23:23:10.0971 2780        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:23:10.0986 2780        GEARAspiWDM - ok
23:23:11.0017 2780        ggflt          (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
23:23:11.0049 2780        ggflt - ok
23:23:11.0080 2780        ggsemc          (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
23:23:11.0095 2780        ggsemc - ok
23:23:11.0158 2780        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:23:11.0267 2780        gpsvc - ok
23:23:11.0298 2780        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:23:11.0314 2780        hcw85cir - ok
23:23:11.0361 2780        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:23:11.0407 2780        HdAudAddService - ok
23:23:11.0454 2780        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:23:11.0501 2780        HDAudBus - ok
23:23:11.0517 2780        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:23:11.0532 2780        HidBatt - ok
23:23:11.0548 2780        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:23:11.0579 2780        HidBth - ok
23:23:11.0626 2780        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:23:11.0657 2780        HidIr - ok
23:23:11.0688 2780        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:23:11.0751 2780        hidserv - ok
23:23:11.0782 2780        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:23:11.0797 2780        HidUsb - ok
23:23:11.0844 2780        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:23:11.0891 2780        hkmsvc - ok
23:23:11.0922 2780        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:23:11.0985 2780        HomeGroupListener - ok
23:23:12.0000 2780        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:23:12.0031 2780        HomeGroupProvider - ok
23:23:12.0187 2780        HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:23:12.0219 2780        HP Support Assistant Service - ok
23:23:12.0281 2780        HPClientSvc    (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
23:23:12.0312 2780        HPClientSvc - ok
23:23:12.0421 2780        hpCMSrv        (e07f8e78d08d9269e3365c2a4f637191) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
23:23:12.0468 2780        hpCMSrv - ok
23:23:12.0593 2780        hpqwmiex        (5298e3b4844328a11c9eb6c001cf0529) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:23:12.0640 2780        hpqwmiex - ok
23:23:12.0780 2780        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:23:12.0811 2780        HpSAMD - ok
23:23:12.0874 2780        HPWMISVC        (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
23:23:12.0889 2780        HPWMISVC - ok
23:23:12.0967 2780        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:23:13.0077 2780        HTTP - ok
23:23:13.0077 2780        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:23:13.0092 2780        hwpolicy - ok
23:23:13.0139 2780        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:23:13.0155 2780        i8042prt - ok
23:23:13.0201 2780        iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
23:23:13.0217 2780        iaStor - ok
23:23:13.0295 2780        IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:23:13.0311 2780        IAStorDataMgrSvc - ok
23:23:13.0373 2780        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:23:13.0435 2780        iaStorV - ok
23:23:13.0607 2780        IconMan_R      (d22d82d74fd1b6c77e7556dbdc3ea9d2) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
23:23:13.0685 2780        IconMan_R ( UnsignedFile.Multi.Generic ) - warning
23:23:13.0685 2780        IconMan_R - detected UnsignedFile.Multi.Generic (1)
23:23:13.0825 2780        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:23:13.0888 2780        idsvc - ok
23:23:13.0981 2780        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:23:14.0013 2780        iirsp - ok
23:23:14.0091 2780        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:23:14.0184 2780        IKEEXT - ok
23:23:14.0231 2780        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:23:14.0262 2780        IntcDAud - ok
23:23:14.0293 2780        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:23:14.0293 2780        intelide - ok
23:23:14.0839 2780        intelkmd        (78527e6a4d78b1153925914c55872beb) C:\Windows\system32\DRIVERS\igdpmd64.sys
23:23:15.0167 2780        intelkmd - ok
23:23:15.0307 2780        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:23:15.0354 2780        intelppm - ok
23:23:15.0385 2780        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:23:15.0448 2780        IPBusEnum - ok
23:23:15.0479 2780        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:23:15.0526 2780        IpFilterDriver - ok
23:23:15.0541 2780        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:23:15.0573 2780        IPMIDRV - ok
23:23:15.0604 2780        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:23:15.0651 2780        IPNAT - ok
23:23:15.0744 2780        iPod Service    (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
23:23:35.0104 2780        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:23:35.0135 2780        vga - ok
23:23:35.0151 2780        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:23:35.0197 2780        VgaSave - ok
23:23:35.0213 2780        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:23:35.0244 2780        vhdmp - ok
23:23:35.0260 2780        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:23:35.0260 2780        viaide - ok
23:23:35.0291 2780        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:23:35.0307 2780        volmgr - ok
23:23:35.0338 2780        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:23:35.0369 2780        volmgrx - ok
23:23:35.0400 2780        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:23:35.0416 2780        volsnap - ok
23:23:35.0447 2780        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:23:35.0463 2780        vsmraid - ok
23:23:35.0556 2780        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:23:35.0665 2780        VSS - ok
23:23:35.0759 2780        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:23:35.0806 2780        vwifibus - ok
23:23:35.0821 2780        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:23:35.0853 2780        vwififlt - ok
23:23:35.0899 2780        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:23:35.0977 2780        W32Time - ok
23:23:36.0009 2780        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:23:36.0040 2780        WacomPen - ok
23:23:36.0087 2780        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:23:36.0149 2780        WANARP - ok
23:23:36.0149 2780        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:23:36.0180 2780        Wanarpv6 - ok
23:23:36.0289 2780        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:23:36.0352 2780        WatAdminSvc - ok
23:23:36.0430 2780        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:23:36.0508 2780        wbengine - ok
23:23:36.0617 2780        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:23:36.0648 2780        WbioSrvc - ok
23:23:36.0679 2780        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:23:36.0711 2780        wcncsvc - ok
23:23:36.0726 2780        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:23:36.0757 2780        WcsPlugInService - ok
23:23:36.0804 2780        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:23:36.0820 2780        Wd - ok
23:23:36.0882 2780        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:23:36.0945 2780        Wdf01000 - ok
23:23:36.0976 2780        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:23:36.0991 2780        WdiServiceHost - ok
23:23:36.0991 2780        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:23:37.0007 2780        WdiSystemHost - ok
23:23:37.0054 2780        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:23:37.0101 2780        WebClient - ok
23:23:37.0116 2780        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:23:37.0179 2780        Wecsvc - ok
23:23:37.0194 2780        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:23:37.0225 2780        wercplsupport - ok
23:23:37.0257 2780        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:23:37.0288 2780        WerSvc - ok
23:23:37.0335 2780        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:23:37.0397 2780        WfpLwf - ok
23:23:37.0413 2780        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:23:37.0428 2780        WIMMount - ok
23:23:37.0506 2780        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:23:37.0569 2780        Winmgmt - ok
23:23:37.0678 2780        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:23:37.0787 2780        WinRM - ok
23:23:37.0927 2780        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:23:37.0974 2780        WinUsb - ok
23:23:38.0037 2780        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:23:38.0115 2780        Wlansvc - ok
23:23:38.0177 2780        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:23:38.0193 2780        wlcrasvc - ok
23:23:38.0395 2780        wlidsvc        (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:23:38.0473 2780        wlidsvc - ok
23:23:38.0598 2780        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:23:38.0629 2780        WmiAcpi - ok
23:23:38.0707 2780        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:23:38.0754 2780        wmiApSrv - ok
23:23:38.0817 2780        WMPNetworkSvc - ok
23:23:38.0832 2780        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:23:38.0863 2780        WPCSvc - ok
23:23:38.0895 2780        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:23:38.0910 2780        WPDBusEnum - ok
23:23:38.0941 2780        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:23:38.0988 2780        ws2ifsl - ok
23:23:39.0004 2780        WSearch - ok
23:23:39.0129 2780        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:23:39.0238 2780        wuauserv - ok
23:23:39.0378 2780        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:23:39.0456 2780        WudfPf - ok
23:23:39.0487 2780        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:23:39.0534 2780        WUDFRd - ok
23:23:39.0565 2780        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:23:39.0581 2780        wudfsvc - ok
23:23:39.0628 2780        WwanSvc        (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
23:23:39.0675 2780        WwanSvc - ok
23:23:39.0721 2780        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:23:40.0080 2780        \Device\Harddisk0\DR0 - ok
23:23:40.0080 2780        Boot (0x1200)  (1a67824003d6558a0437bbcb70f2b285) \Device\Harddisk0\DR0\Partition0
23:23:40.0080 2780        \Device\Harddisk0\DR0\Partition0 - ok
23:23:40.0127 2780        Boot (0x1200)  (59fb920bd536b7023bcde246932ddea4) \Device\Harddisk0\DR0\Partition1
23:23:40.0127 2780        \Device\Harddisk0\DR0\Partition1 - ok
23:23:40.0158 2780        Boot (0x1200)  (04bf0f00aee3421e974d9b361caaf28b) \Device\Harddisk0\DR0\Partition2
23:23:40.0174 2780        \Device\Harddisk0\DR0\Partition2 - ok
23:23:40.0189 2780        Boot (0x1200)  (68142f2f18bb37f973da2700f46d5afe) \Device\Harddisk0\DR0\Partition3
23:23:40.0189 2780        \Device\Harddisk0\DR0\Partition3 - ok
23:23:40.0189 2780        ============================================================
23:23:40.0189 2780        Scan finished
23:23:40.0189 2780        ============================================================
23:23:40.0205 4432        Detected object count: 1
23:23:40.0205 4432        Actual detected object count: 1
23:26:50.0042 4432        IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:50.0042 4432        IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 31.07.2012 10:20

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Gargamel456 04.08.2012 17:25

Unfortunately I forgot to switch off Antivir beforehand; I did it shortly after starting ComboFix. I hope that wasn't a problem. If it was, please let me know whether I should run it again...

Here is the log:

Code:

ComboFix 12-08-04.02 - Arne 04.08.2012  14:25:31.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4044.2671 [GMT 2:00]
Running from:: c:\users\Arne\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
.
.
(((((((((((((((((((((((  Files Created from 2012-07-04 to 2012-08-04  ))))))))))))))))))))))))))))))
.
.
2012-07-28 13:12 . 2012-07-28 13:12        --------        d-----w-        C:\_OTL
2012-07-24 22:09 . 2012-07-24 22:09        --------        d-----w-        c:\windows\de
2012-07-24 22:05 . 2012-07-24 22:05        89944        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\793608451cd69e802\DSETUP.dll
2012-07-24 22:05 . 2012-07-24 22:05        537432        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\793608451cd69e802\DXSETUP.exe
2012-07-24 22:05 . 2012-07-24 22:05        1801048        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\793608451cd69e802\dsetup32.dll
2012-07-24 22:05 . 2012-07-24 22:05        15712        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\796b702a1cd69e803\MeshBetaRemover.exe
2012-07-18 20:59 . 2012-07-18 20:59        --------        d-----w-        c:\program files (x86)\ESET
2012-07-17 21:41 . 2012-07-17 21:41        --------        d-----w-        c:\users\Arne\AppData\Roaming\Malwarebytes
2012-07-17 21:41 . 2012-07-17 21:41        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-17 21:41 . 2012-07-17 21:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-17 21:41 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-11 17:07 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 16:14 . 2012-06-06 06:06        2004480        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-06 16:26 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 21:38 . 2012-04-01 11:38        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 21:38 . 2011-10-28 09:16        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 22:07 . 2010-06-24 09:33        19736        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 21:37        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 21:37        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 21:37        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 21:37        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 21:37        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 21:37        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 21:37        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 21:36        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 21:36        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-05-08 18:16 . 2011-12-04 21:13        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 18:16 . 2011-12-04 21:13        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-07 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/06/01 01:53;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-11-14 13352]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-09-13 1098296]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-23 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-07 203776]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 2372096]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-07 8281600]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-07 293376]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-08 12262688]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-04 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:38]
.
2012-08-04 c:\windows\Tasks\HPCeeScheduleForArne.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Arne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\76jv5ydo.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Orphaned Registry Entries Removed - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-04  14:35:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-04 12:35
.
Vor Suchlauf: 11 Verzeichnis(se), 381.226.901.504 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 380.689.989.632 Bytes frei
.
- - End Of File - - 61374A32069230E935FFE839F88F3359


cosinus 04.08.2012 18:55

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses on the 2nd attempt, simply leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    From Windows Vista (or higher) please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (Should your firewall ask, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: Should the Scan button be greyed out, close the tool and start it again. Should the scan abort and the program crash, let me know and select the setting (none) under AV Scan.

One more note: Should aswMBR crash and a message like "aswMBR.exe has stopped working" appear, do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left of the aswMBR window) under "AV scan" and click the Scan button again.

Gargamel456 06.08.2012 19:39

I let GMER run through; at the end it showed that nothing was found, there were no entries and the logfile was empty.

Strangely, yesterday the Babylon search showed up in my Firefox for the first time in 2 weeks, but only once and not since. I found that confusing anyway.

The OSAM logfile is here:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:36:13 on 06.08.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForArne.job" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{E54729E8-BB3D-4270-9D49-7389EA579090} "EasyBits ShellExecute Hook" - "EasyBits Software Corp." - C:\Windows\SysWow64\EZUPBH~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"BDRegion" - "cyberlink" - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Easybits Recovery" - "EasyBits Software AS" - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
"HP Quick Launch" - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
"HPConnectionManager" - "Hewlett-Packard Development Company L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
"HPOSD" - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"RemoteControl10" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files (x86)\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bullzip PDF Print Monitor" - "Bullzip" - C:\Windows\system32\bzpdf.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"Avira Realtime Protection" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Scheduler" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"CyberLink Product - 2011/06/01 01:53:42" (CLKMSVC10_38F51D56) - "CyberLink" - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Easybits Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezSharedSvcHost.exe  (File not found)
"GamesAppService" (GamesAppService) - "WildTangent, Inc." - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
"HP Client Services" (HPClientSvc) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
"HP Connection Manager 4 Service" (hpCMSrv) - "Hewlett-Packard Development Company L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
"HP Support Assistant Service" (HP Support Assistant Service) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
"HPWMISVC" (HPWMISVC) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
"IconMan_R" (IconMan_R) - "Realsil Microelectronics Inc." - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
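
The OSAM log above lists each autorun entry as name, vendor and target, with trailing flags such as (File not found) and a bare ? where OSAM could not attribute a vendor. As an added example that is not part of this thread or of OSAM itself, the following Python script parses that line format and picks out the entries a helper would look at first: missing vendor, missing file (an orphaned autorun) and executables under user-writable paths. SAMPLE_LOG is a constructed excerpt in the format of the log above; the function names and the triage rules are my own, and a hit is a prompt for a closer look, not a verdict (the Dropbox entry in the sample is a legitimate program that merely lives under AppData).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt in the format of the OSAM log posted above (not a real scan result).
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"CyberLink Product - 2011/06/01 01:53:42" (CLKMSVC10_38F51D56) - "CyberLink" - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
"Easybits Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezSharedSvcHost.exe  (File not found)
"""

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")
LOCATION_RE = re.compile(r"^-----\( (?P<location>.+) \)-----$")
# head - vendor - tail, where the vendor is either a quoted string or a bare "?"
ENTRY_RE = re.compile(r'^(?P<head>.+?) - (?P<vendor>"[^"]*"|\?) - (?P<tail>.*)$')
# trailing "(flag | flag)" block; the flags themselves never contain parentheses
FLAGS_RE = re.compile(r"\s+\(([^()]*)\)\s*$")
# path fragments an unprivileged user can write to (heuristic, my own choice)
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    section: str
    location: str
    name: str
    vendor: Optional[str]      # None where OSAM printed "?"
    target: str                # file path / command line, "" if OSAM found nothing
    flags: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> List[Entry]:
    """Turn the OSAM line format into Entry objects, tracking the enclosing section and registry location."""
    entries: List[Entry] = []
    section = location = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = LOCATION_RE.match(line)
        if m:
            location = m.group("location")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # header/footer lines of the report
        head, vendor, tail = m.group("head", "vendor", "tail")
        name_m = re.search(r'"([^"]*)"', head)
        name = name_m.group(1) if name_m else head
        flags: List[str] = []
        fm = FLAGS_RE.search(tail)
        if fm:
            flags = [f.strip() for f in fm.group(1).split("|")]
            tail = tail[: fm.start()]
        entries.append(Entry(section, location, name,
                             None if vendor == "?" else vendor.strip('"'),
                             tail.strip(), flags))
    return entries


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return the entries worth a closer look, each with the reasons that triggered."""
    findings = []
    for e in parse_entries(log_text):
        reasons = []
        if e.vendor is None:
            reasons.append("no vendor/signature information")
        if any(f.lower().startswith("file not found") for f in e.flags):
            reasons.append("referenced file is missing (orphaned autorun)")
        if any(frag in e.target.lower() for frag in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"[{entry.section}] {entry.name}: {'; '.join(reasons)}")
```

Run against a saved OSAM *.log by passing its contents to triage(); orphaned entries (registry keys whose file is gone) are what is typically left behind after an uninstall or a cleanup and are cheap to remove, while unattributed entries with an existing file are the ones to check further.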


cosinus 07.08.2012 13:22

And what about aswMBR?

Gargamel456 07.08.2012 16:01

Oh, I overlooked that, here is the log:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-07 16:29:17
-----------------------------
16:29:17.829    OS Version: Windows x64 6.1.7601 Service Pack 1
16:29:17.829    Number of processors: 4 586 0x2A07
16:29:17.839    ComputerName: ARNE-HP  UserName: Arne
16:29:19.010    Initialize success
16:32:59.619    AVAST engine defs: 12080700
16:34:03.654    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:34:03.654    Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
16:34:03.664    Disk 0 MBR read successfully
16:34:03.664    Disk 0 MBR scan
16:34:03.684    Disk 0 Windows 7 default MBR code
16:34:03.694    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
16:34:03.714    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      461474 MB offset 409600
16:34:03.754    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        15162 MB offset 945508352
16:34:03.784    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
16:34:03.824    Disk 0 scanning C:\Windows\system32\drivers
16:34:19.597    Service scanning
16:34:52.112    Modules scanning
16:34:52.122    Disk 0 trace - called modules:
16:34:52.202    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:34:52.212    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006bdf060]
16:34:52.222    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004d08050]
16:34:53.602    AVAST engine scan C:\Windows
16:34:57.023    AVAST engine scan C:\Windows\system32
16:39:08.658    File: C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} **SUSPICIOUS**
16:39:09.378    AVAST engine scan C:\Windows\system32\drivers
16:39:27.632    AVAST engine scan C:\Users\Arne
16:55:54.683    AVAST engine scan C:\ProgramData
16:57:14.556    Scan finished successfully
17:00:18.843    Disk 0 MBR has been saved successfully to "C:\Users\Arne\Desktop\MBR.dat"
17:00:18.843    The log file has been saved successfully to "C:\Users\Arne\Desktop\aswMBR.txt"
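
The aswMBR log above records the MBR bootstrap check, the partition table (boot flag, type byte, size and sector offset) and any file the AVAST engine marks **SUSPICIOUS**. As an added example that is not part of this thread or of aswMBR itself, the following Python script parses that output and re-derives the checks a helper reads off it by eye: exactly one active partition, no partition overlapping the next one (sizes are printed in whole MB, hence the slack), a bootstrap reported as a default, and any flagged file. SAMPLE_ASWMBR is a constructed excerpt in the format of the log above; the function names, the 512-byte sector assumption and the review rules are my own. Only the default-MBR wording that appears in the log above is recognised; any other bootstrap text is surfaced as-is for a human to judge.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

SECTOR_BYTES = 512                               # assumption: classic 512-byte sectors
SECTORS_PER_MB = 1024 * 1024 // SECTOR_BYTES     # 2048 sectors per MB

# Constructed excerpt in the format of the aswMBR log posted above (not a real scan result).
SAMPLE_ASWMBR = r"""
16:34:03.664    Disk 0 MBR read successfully
16:34:03.684    Disk 0 Windows 7 default MBR code
16:34:03.694    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
16:34:03.714    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      461474 MB offset 409600
16:34:03.754    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        15162 MB offset 945508352
16:34:03.784    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
16:39:08.658    File: C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} **SUSPICIOUS**
16:57:14.556    Scan finished successfully
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(?P<msg>.*)$")
MBR_RE = re.compile(r"^Disk (?P<disk>\d+) (?P<code>.*MBR code.*)$")
PART_RE = re.compile(
    r"^Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})(?P<act> \(A\))?"
    r"\s+(?P<type>[0-9A-Fa-f]{2})\s+(?P<desc>.+?)\s+(?P<size>\d+) MB offset (?P<offset>\d+)$"
)
SUSP_RE = re.compile(r"^File: (?P<path>.+?)\s+\*\*SUSPICIOUS\*\*$")


@dataclass
class Partition:
    number: int
    active: bool          # boot indicator 0x80, shown as "80 (A)" by aswMBR
    type_id: str          # partition type byte, e.g. "07" NTFS, "0C" FAT32 LBA
    size_mb: int
    offset: int           # first sector (LBA)

    @property
    def end(self) -> int:
        """First sector after this partition, derived from the MB size."""
        return self.offset + self.size_mb * SECTORS_PER_MB


def parse_aswmbr(text: str) -> Dict:
    """Extract bootstrap verdict, partition table, flagged files and completion marker."""
    result: Dict = {"mbr_code": None, "partitions": [], "suspicious": [], "finished": False}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        pm = PART_RE.match(msg)
        if pm:
            result["partitions"].append(Partition(
                int(pm.group("num")), pm.group("act") is not None,
                pm.group("type").upper(), int(pm.group("size")), int(pm.group("offset"))))
            continue
        mm = MBR_RE.match(msg)
        if mm:
            result["mbr_code"] = mm.group("code")
            continue
        sm = SUSP_RE.match(msg)
        if sm:
            result["suspicious"].append(sm.group("path"))
            continue
        if msg == "Scan finished successfully":
            result["finished"] = True
    return result


def check_layout(partitions: List[Partition]) -> List[str]:
    """Structural sanity checks on the MBR partition table."""
    issues = []
    active = [p.number for p in partitions if p.active]
    if len(active) != 1:
        issues.append(f"expected exactly one active partition, found {len(active)}: {active}")
    ordered = sorted(partitions, key=lambda p: p.offset)
    for cur, nxt in zip(ordered, ordered[1:]):
        # sizes are printed in whole MB, so allow one MB of rounding slack
        if cur.end > nxt.offset + SECTORS_PER_MB:
            issues.append(f"partition {cur.number} overlaps partition {nxt.number}")
    return issues


def review(text: str) -> List[str]:
    """Everything in the log that deserves a human look, as short notes."""
    r = parse_aswmbr(text)
    notes = []
    if r["mbr_code"] is None:
        notes.append("no MBR code line found")
    elif "default MBR code" not in r["mbr_code"]:
        notes.append(f"MBR bootstrap not reported as a known default: {r['mbr_code']}")
    notes += check_layout(r["partitions"])
    notes += [f"file flagged by the AV engine: {p}" for p in r["suspicious"]]
    if not r["finished"]:
        notes.append("log does not end with 'Scan finished successfully'")
    return notes


if __name__ == "__main__":
    for note in review(SAMPLE_ASWMBR):
        print(note)
```

For the log above this yields a single note, the flagged file under C:\Windows\assembly\tmp, which matches the helper's reading that the boot sector itself is clean.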


cosinus 08.08.2012 15:57

Looks ok. We should be almost done. For verification, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Gargamel456 11.08.2012 15:45

Here is the scan from SASW:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/11/2012 at 04:34 PM

Application Version : 5.5.1012

Core Rules Database Version : 9044
Trace Rules Database Version: 6856

Scan type      : Complete Scan
Total Scan Time : 01:38:59

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 745
Memory threats detected  : 0
Registry items scanned    : 65258
Registry threats detected : 0
File items scanned        : 139775
File threats detected    : 61

Adware.Tracking Cookie
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\arne@ads.creative-serving[2].txt [ /ads.creative-serving ]
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\352GOJ66.txt [ /atdmt.com ]
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\TNQ1HR68.txt [ /bs.serving-sys.com ]
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\W8L4Q9D0.txt [ /serving-sys.com ]
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\QSYCLZ6F.txt [ /c.atdmt.com ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9SJ39ZPP.txt [ Cookie:arne@atdmt.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\IHJV07TS.txt [ Cookie:arne@msnportal.112.2o7.net/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\7G4OGH49.txt [ Cookie:arne@statse.webtrendslive.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\4B9Y5E0C.txt [ Cookie:arne@www.qsstats.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VR97JOAB.txt [ Cookie:arne@o1.qnsr.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6E9PAXFT.txt [ Cookie:arne@msn.com/olympics-2012/inside-track/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SL1FEFJB.txt [ Cookie:arne@virginmedia.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\35C5BC0T.txt [ Cookie:arne@adtech.de/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZEJ5663P.txt [ Cookie:arne@h.atdmt.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\KEFSE4Y4.txt [ Cookie:arne@e1.cdn.qnsr.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\UNURY09M.txt [ Cookie:arne@ad.yieldmanager.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBKMP637.txt [ Cookie:arne@qnsr.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SABI1SPY.txt [ Cookie:arne@zanox.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\YHLB1ZDI.txt [ Cookie:arne@adfarm1.adition.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\TLKNXB08.txt [ Cookie:arne@mediaplex.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZTXK1K6I.txt [ Cookie:arne@horyzon-media.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2K0OHG02.txt [ Cookie:arne@ru4.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\KOEZYQ2N.txt [ Cookie:arne@ad.zanox.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ISZRSGPI.txt [ Cookie:arne@smartadserver.com/ ]
        C:\USERS\ARNE\Cookies\352GOJ66.txt [ Cookie:arne@atdmt.com/ ]
        .zanox-affiliate.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        ads2.zeusclicks.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .exoclick.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        traffic.acwebconnecting.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        traffic.acwebconnecting.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        ads.trafficjunky.net [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .exoclick.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Sirefef
        C:\WINDOWS\SYSTEM32\CONSRV.DLL

And here from Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Arne :: ARNE-HP [Administrator]

11.08.2012 17:11:54
mbam-log-2012-08-11 (17-11-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339196
Laufzeit: 1 Stunde(n), 18 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 11.08.2012 18:41

Code:

UAC On - Limited User
How did you start SASW? Simply by double-clicking?

Code:

Trojan.Agent/Gen-Sirefef
        C:\WINDOWS\SYSTEM32\CONSRV.DLL

Probably just a remnant.
Please have this file analysed at Virustotal and post the result link. If you don't see the file, you may have to make it visible first.
If the file has already been analysed, please start another analysis.

Gargamel456 12.08.2012 23:56

Okay, should I run SASW again as administrator?

I couldn't upload the file to virustotal. When I look in the folder in Windows I can find the file, but not when uploading at virustotal. Not even after I followed the instructions for making files visible. I can't explain that.

cosinus 13.08.2012 16:57

Quote:

Okay, should I run SUPERAntiSpyware again as administrator?
Yes, as mentioned in the instructions for sasw

Quote:

Not even after I followed the instructions for making files visible. I can't explain that.
You can also copy and paste the complete path of the file; you are not forced to select files

Gargamel456 14.08.2012 16:55

Okay, here is the SASW scan again:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/14/2012 at 05:48 PM

Application Version : 5.5.1012

Core Rules Database Version : 9044
Trace Rules Database Version: 6856

Scan type      : Complete Scan
Total Scan Time : 01:42:32

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 743
Memory threats detected  : 0
Registry items scanned    : 65275
Registry threats detected : 0
File items scanned        : 140393
File threats detected    : 64

Adware.Tracking Cookie
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\arne@ads.creative-serving[2].txt [ /ads.creative-serving ]
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\984H31LN.txt [ /atdmt.com ]
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\TNQ1HR68.txt [ /bs.serving-sys.com ]
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\W8L4Q9D0.txt [ /serving-sys.com ]
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\7OJQMR7X.txt [ /c.atdmt.com ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9SJ39ZPP.txt [ Cookie:arne@atdmt.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\IHJV07TS.txt [ Cookie:arne@msnportal.112.2o7.net/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\V4WHN3IG.txt [ Cookie:arne@imrworldwide.com/cgi-bin ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\7G4OGH49.txt [ Cookie:arne@statse.webtrendslive.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\4B9Y5E0C.txt [ Cookie:arne@www.qsstats.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VR97JOAB.txt [ Cookie:arne@o1.qnsr.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6E9PAXFT.txt [ Cookie:arne@msn.com/olympics-2012/inside-track/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SL1FEFJB.txt [ Cookie:arne@virginmedia.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\35C5BC0T.txt [ Cookie:arne@adtech.de/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZEJ5663P.txt [ Cookie:arne@h.atdmt.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\KEFSE4Y4.txt [ Cookie:arne@e1.cdn.qnsr.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\UNURY09M.txt [ Cookie:arne@ad.yieldmanager.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBKMP637.txt [ Cookie:arne@qnsr.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SABI1SPY.txt [ Cookie:arne@zanox.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\YHLB1ZDI.txt [ Cookie:arne@adfarm1.adition.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\TLKNXB08.txt [ Cookie:arne@mediaplex.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZTXK1K6I.txt [ Cookie:arne@horyzon-media.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2K0OHG02.txt [ Cookie:arne@ru4.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\KOEZYQ2N.txt [ Cookie:arne@ad.zanox.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ISZRSGPI.txt [ Cookie:arne@smartadserver.com/ ]
        C:\USERS\ARNE\Cookies\984H31LN.txt [ Cookie:arne@atdmt.com/ ]
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\9YU6U50B.txt [ /atdmt.com ]
        C:\USERS\ARNE\Cookies\9YU6U50B.txt [ Cookie:arne@atdmt.com/ ]
        .zanox-affiliate.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        ads2.zeusclicks.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .exoclick.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        traffic.acwebconnecting.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        traffic.acwebconnecting.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        ads.trafficjunky.net [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .exoclick.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        www.star-advertising.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Sirefef
        C:\WINDOWS\SYSTEM32\CONSRV.DLL

The file C:\WINDOWS\SYSTEM32\CONSRV.DLL still isn't found at VirusTotal, even when I paste the path in as described...

cosinus 14.08.2012 17:11

Let's do it this way:

Run an OTL fix: close all open programs, disable the antivirus scanner too (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied along with it!!!)

Code:

:Files
C:\WINDOWS\SYSTEM32\CONSRV.DLL
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted outright, for safety; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Gargamel456 14.08.2012 19:18

Okay, apparently the file in question could not be found here either. When I look in the folder, I can see it though. Can't I just delete it with SASW?

Code:

All processes killed
========== FILES ==========
File\Folder C:\WINDOWS\SYSTEM32\CONSRV.DLL not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Arne
->Temp folder emptied: 149516 bytes
->Temporary Internet Files folder emptied: 1296822 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5855771 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2682 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Arne
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.1 log created on 08142012_201101

Files\Folders moved on Reboot...
C:\Users\Arne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Arne\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


cosinus 15.08.2012 18:59

Hm, that does sound somewhat like a contradiction in terms, but go ahead and delete everything with SASW

Gargamel456 16.08.2012 22:53

Okay, the files are deleted. What's next?

cosinus 17.08.2012 19:49

We'd actually be done. But I wonder whether SASW still finds the file now; you can do a final check scan

Apart from that, is everything OK with the computer again now, or is anything still open?

Gargamel456 18.08.2012 20:20

The computer is running perfectly. Here's the SASW scan log again:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/18/2012 at 04:01 PM

Application Version : 5.5.1012

Core Rules Database Version : 9044
Trace Rules Database Version: 6856

Scan type      : Complete Scan
Total Scan Time : 01:39:45

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 748
Memory threats detected  : 0
Registry items scanned    : 65291
Registry threats detected : 0
File items scanned        : 139497
File threats detected    : 3

Adware.Tracking Cookie
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\8XL5Y06D.txt [ /atdmt.com ]
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\2C090DK3.txt [ /c.atdmt.com ]
        C:\USERS\ARNE\Cookies\8XL5Y06D.txt [ Cookie:arne@atdmt.com/ ]


cosinus 20.08.2012 16:52

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising etc. => HTTP cookie)


Regarding cookies and other things on the web: to block this pest from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released.

Apart from that there are good cookie managers; as a Firefox extension there is e.g. CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board too), then simply set the browser to delete everything, including cookies, when the browser closes.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system back in order now, or are there other findings or problems?
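
An added example (editor's code, not from the thread and not part of SUPERAntiSpyware or the MVPS project): the hosts-file approach cosinus mentions works by mapping advertising and tracking hostnames to a non-routable address so the browser never reaches them. The script below takes the "Adware.Tracking Cookie" section of a SUPERAntiSpyware log in the three line formats seen in the scan above (an IE cookie file with "[ /host ]", an IE "Low" cookie jar entry with "[ Cookie:user@host/path ]", and a Firefox cookies.sqlite entry with the domain on the left and the database path in brackets) and turns the hosts into candidate hosts-file lines. The sample log embedded in the block is constructed from a handful of lines in the thread's own log. Two caveats a practitioner would want: the hosts file has no wildcards, so an entry for atdmt.com does nothing for c.atdmt.com (both appear in the log and both need their own line); and a cookie finding is not proof that a host is a tracker (msn.com and virginmedia.com are in the list above simply because the user visited them), so the output is a list to review, with an allowlist parameter for hosts you want to keep.

```python
"""Turn the 'Adware.Tracking Cookie' section of a SUPERAntiSpyware log into
hosts-file entries for review. Added example; not SASW or MVPS code."""
import re
from typing import Iterable, List

# Constructed sample, assembled from lines of the thread's own SASW log.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

File items scanned        : 140393
File threats detected    : 7

Adware.Tracking Cookie
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\984H31LN.txt [ /atdmt.com ]
        C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Cookies\7OJQMR7X.txt [ /c.atdmt.com ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\UNURY09M.txt [ Cookie:arne@ad.yieldmanager.com/ ]
        C:\USERS\ARNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\6E9PAXFT.txt [ Cookie:arne@msn.com/olympics-2012/inside-track/ ]
        .zanox.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]
        ads.trafficjunky.net [ C:\USERS\ARNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\76JV5YDO.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Sirefef
        C:\WINDOWS\SYSTEM32\CONSRV.DLL
"""

# One indented finding line: "<path-or-domain> [ <detail> ]"
_FINDING_RE = re.compile(r"^\s+(\S+)\s+\[\s*(.*?)\s*\]\s*$")


def extract_cookie_domains(log_text: str) -> List[str]:
    """Unique, lower-cased hostnames from the Adware.Tracking Cookie section.
    Unindented lines are detection categories; only that category is parsed,
    so file detections such as CONSRV.DLL are never turned into hosts entries."""
    section = None
    hosts = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            section = line.strip()
            continue
        if section != "Adware.Tracking Cookie":
            continue
        m = _FINDING_RE.match(line)
        if not m:
            continue
        lhs, detail = m.group(1), m.group(2)
        if detail.startswith("Cookie:"):
            # IE "Low" cookie jar: Cookie:<user>@<host>/<path>
            host = detail.partition("@")[2].partition("/")[0]
        elif detail.startswith("/"):
            # IE cookie file: [ /<host> ]
            host = detail[1:].partition("/")[0]
        else:
            # Firefox cookies.sqlite: the domain is on the left, detail is the DB path
            host = lhs
        host = host.lstrip(".").lower()   # ".zanox.com" is a domain cookie scope, not a hostname
        if host:
            hosts.add(host)
    return sorted(hosts)


def hosts_lines(domains: Iterable[str], allow: Iterable[str] = ()) -> List[str]:
    """hosts-file lines (0.0.0.0 form, as MVPS uses) minus any allowlisted hosts.
    Exact hostnames only: the hosts file does not match subdomains."""
    allowed = {d.lower() for d in allow}
    return [f"0.0.0.0 {d}" for d in domains if d not in allowed]


if __name__ == "__main__":
    found = extract_cookie_domains(SAMPLE_LOG)
    print("# candidate hosts entries from SASW cookie findings, review before use")
    for entry in hosts_lines(found, allow={"msn.com"}):
        print(entry)
```

The printed block is meant to be appended to C:\Windows\System32\drivers\etc\hosts after review, not blindly; note that the OTL fix earlier in this thread ran [resethosts], which replaces that file with a default one and would discard any such additions.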

Gargamel456 21.08.2012 15:47

Okay, many thanks for the tips and advice regarding cookies.

No, there are no further problems...
Can I uninstall all the programs again, or should I keep them?

Strangely, though, Babylon still doesn't seem to be 100% removed, even if I don't understand it. When I restart Firefox, the start page that comes up is the Mozilla Firefox start page with the search bar that should normally return Google search results. But when I enter a search term there, I get search results from Babylon...

Gargamel456 28.08.2012 08:20

I was able to solve the latter by uninstalling Firefox once and downloading and installing it again.

cosinus 30.08.2012 19:04

Please download the new AdwCleaner!

AdwCleaner - tracking down toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search is finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Gargamel456 30.08.2012 19:31

Okay, here's the log:

Code:

# AdwCleaner v2.000 - Logfile created 08/30/2012 at 20:28:27
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Arne - ARNE-HP
# Boot mode : Normal
# Running from : C:\Users\Arne\Downloads\adwcleaner.exe
# Option [Search]


**** [Services] ****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\ty0snz50.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6489 octets] - [24/07/2012 22:10:43]
AdwCleaner[S1].txt - [6236 octets] - [24/07/2012 23:39:00]
AdwCleaner[R2].txt - [869 octets] - [30/08/2012 20:28:27]

########## EOF - C:\AdwCleaner[R2].txt - [928 octets] ##########


cosinus 30.08.2012 20:11

No more Babylon to be found....is it still not gone?

Gargamel456 30.08.2012 20:50

Yes it is, Babylon is gone now!!

As written above, I had completely uninstalled Firefox once; after reinstalling, Babylon didn't come back...

Should I still delete the remaining stuff from AdwCleaner anyway?

cosinus 30.08.2012 21:47

Delete what? Nothing else was found!

Gargamel456 30.08.2012 23:08

All right, so we're done?

cosinus 31.08.2012 10:44

Then we're done! :abklatsch:

The programs used here can all be removed again. With OTL you can also remove many of the tools:

Please start OTL and click on CleanUp.
This will remove most of the tools we needed for the clean-up. Should anything remain, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can do a full scan with it once a month, but always remember to update it first.


Finally, please check for updates; my guide for that is below. To keep a better overview of whether installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, now that the infection has been removed you should also change all your passwords if at all possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add/Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Gargamel456 05.09.2012 22:58

:party:

Great!! Thank you very, very much!!!

Best regards

Gargamel


Copyright ©2000-2024, Trojaner-Board