Trojaner-Board


mobspot 25.07.2012 12:29

a variant of Win32/Kryptik.AIWA and more detected after System Restore
 
Hello everyone, a newcomer here with a problem that I'd like to describe briefly. After some Internet research I suddenly got a message that a program wanted to install itself (something with "w" and 4 letters). I refused that, but the message kept popping up permanently, and CTRL+ALT+DEL and Task Manager did not work either. So I did a hard shutdown of the laptop and, after the restart, wanted to run a cc-cleaner. In the course of this, whole hordes of popups then appeared, alerting me to a total hard-disk failure and severe system errors, and at the same time another program, "filesys" or something similar, that would make my computer fit again for payment. Instead I opened the Control Panel and performed a restore, so far so good. After that, most of the files on all partitions (3 in total) were predominantly to be found as hidden files. After some initial research I had eset.exe run a scan yesterday (it took 6 h :balla:). The result file follows here:

C:\Users\***\AppData\Local\Temp\B948.tmp a variant of Win32/Kryptik.AIWA trojan
C:\Users\***\AppData\Local\Temp\vrnvVbm2q1Z9HC.exe.tmp a variant of Win32/Kryptik.AIVK trojan
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Win32/Adware.ADON application
C:\Users\***\Documents\Downloads\SoftonicDownloader_fuer_getdataback.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\***\Documents\Downloads\SoftonicDownloader_fuer_pandora-recovery.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\***\Documents\Downloads\SoftonicDownloader_fuer_recuva.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\***\Documents\DVDVideoSoft\SoftonicDownloader_fuer_audiocon.exe a variant of Win32/SoftonicDownloader.A application
R:\System Volume Information\_restore{FCB56B84-9A2F-40C0-93A8-37B28BE17D11}\RP259\A0135310.exe Win32/Adware.ADON application
R:\****\FreeAudioCDtoMP3Converter.exe Win32/Adware.ADON application
S:\$RECYCLE.BIN\S-1-5-21-4018179539-3163974065-579344517-1003\$REIUPD4\Backup Files 2012-07-24 123242\Backup files 10.zip Win32/Adware.ADON application
S:\$RECYCLE.BIN\S-1-5-21-4018179539-3163974065-579344517-1003\$REIUPD4\Backup Files 2012-07-24 123242\Backup files 2.zip a variant of Win32/SoftonicDownloader.A application
S:\$RECYCLE.BIN\S-1-5-21-4018179539-3163974065-579344517-1003\$REIUPD4\Backup Files 2012-07-24 123242\Backup files 3.zip a variant of Win32/SoftonicDownloader.A application
S:\***-PC\Backup Set 2012-06-14 120001\Backup Files 2012-06-14 120001\Backup files 10.zip Win32/Adware.ADON application
S:\***-PC\Backup Set 2012-06-14 120001\Backup Files 2012-06-14 120001\Backup files 2.zip a variant of Win32/SoftonicDownloader.A application
S:\***-PC\Backup Set 2012-06-14 120001\Backup Files 2012-06-14 120001\Backup files 3.zip a variant of Win32/SoftonicDownloader.A application


(By way of explanation: S:\ and R:\ are my backups on an external disk.)

After that I registered here and proceeded, or wanted to proceed, as described: defogger and OTL ran without problems (files attached);

with "gmer" the computer died on me at the first attempt (see attachment "unerwartetes herunterfahren.txt"). 2nd attempt, then it quit again at 4 a.m., that is, clock stopped, mouse gone, no keyboard functions at all any more). That is why there is unfortunately no file for it. But as a night owl I wrote down the file path at which it happened, as follows:

C:\Windows\winsxs\x86_wcf_m_smsvchost_perf_c_reg31bf3856ad364e35_6.1.7600.16385_none_3023f96a70048f98. A picture is attached as well (img_0420)

So much for the description (God, I hope that wasn't too long :confused:). I'm hoping for your help so that I can get my computer clean again.

Many thanks in advance :dankeschoen:

cosinus 30.07.2012 10:34

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove ANYTHING from quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!

Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

mobspot 30.07.2012 13:13

Hello Cosinus,

Thanks for the first reply. Here is the log file from Malwarebytes. I tried to post it directly in the code tags, but I can't get it to work, sorry.

Hoping for further replies.

Thanks :dankeschoen:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
bslap :: BSLAP-PC [Administrator]

30.07.2012 11:44:11
mbam-log-2012-07-30 (11-44-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|P:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 406715
Laufzeit: 2 Stunde(n), 19 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_getdataback.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_pandora-recovery.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_recuva.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus 30.07.2012 18:44

Code:

C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_getdataback.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_pandora-recovery.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_recuva.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Junk-laden software from Softonic seems to be very much in fashion right now!

Hands off Softonic!! :pfui:

Softonic is a toolbar and adware slinger! Hands off! You download software, as the top priority, directly from the manufacturer and not from toolbar outfits like Softonic! In an emergency chip.de would of course do

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before in the past?
If so, all the logs for every scan are listed in the "Logdateien" (log files) tab. Please post all that are visible there.

mobspot 30.07.2012 20:43

Hello cosinus,

message received :-|

So far I had not scanned with Malwarebytes. Only with eset, and I had already posted that log file.

What's next?

Regards, mobspot.

cosinus 30.07.2012 21:27

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

mobspot 31.07.2012 10:47

Hi again,

here is the txt file from AdwCleaner

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 11:44:48
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional (32 bits)
# User : bslap - BSLAP-PC
# Running from : C:\Users\bslap\AppData\Local\Opera\Opera\temporary_downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\bslap\AppData\Local\APN
Folder Found : C:\Users\bslap\AppData\Local\Conduit
Folder Found : C:\Users\bslap\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\bslap\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\bslap\AppData\LocalLow\Conduit
Folder Found : C:\Users\bslap\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Johannes\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Johannes\AppData\LocalLow\Conduit
Folder Found : C:\Users\Johannes\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Johannes\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Johannes\AppData\LocalLow\PriceGong
Folder Found : C:\Users\bslap\AppData\Roaming\Desktopicon
Folder Found : C:\Users\bslap\AppData\Roaming\OpenCandy
Folder Found : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\extensions\toolbar@ask.com
Folder Found : C:\Users\bslap\Documents\Save
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\AutocompletePro
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
File Found : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\searchplugins\Askcom.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2611456
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AutocompletePro
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8e97ebda00000000000054ed87e48d15&tlver=1.4.19.19&affID=17162

-\\ Mozilla Firefox v5.0 (de)

Profile name : default
File : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Found : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Found : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]

-\\ Opera v12.0.1467.0

File : C:\Users\bslap\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Johannes\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9777 octets] - [31/07/2012 11:44:48]

########## EOF - C:\AdwCleaner[R1].txt - [9905 octets] ##########

Thanks :dankeschoen:

cosinus 31.07.2012 12:31

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

mobspot 31.07.2012 13:03

Hi Arne,

here is the txt file

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 13:58:57
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional (32 bits)
# User : bslap - BSLAP-PC
# Running from : C:\Users\bslap\Documents\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\bslap\AppData\Local\APN
Folder Deleted : C:\Users\bslap\AppData\Local\Conduit
Folder Deleted : C:\Users\bslap\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\bslap\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\bslap\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\bslap\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Johannes\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Johannes\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Johannes\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Johannes\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Johannes\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\bslap\AppData\Roaming\Desktopicon
Folder Deleted : C:\Users\bslap\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\bslap\Documents\Save
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AutocompletePro
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
File Deleted : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611456
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AutocompletePro
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8e97ebda00000000000054ed87e48d15&tlver=1.4.19.19&affID=17162 --> hxxp://www.google.com

-\\ Mozilla Firefox v5.0 (de)

Profile name : default
File : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Deleted : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Deleted : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]

-\\ Opera v12.0.1467.0

File : C:\Users\bslap\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Johannes\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9906 octets] - [31/07/2012 11:44:48]
AdwCleaner[S1].txt - [10140 octets] - [31/07/2012 13:58:57]

########## EOF - C:\AdwCleaner[S1].txt - [10269 octets] ##########

Regards, Steffen :dankeschoen:
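Added example (not part of the thread and not AdwCleaner's own code): a small Python check that compares an AdwCleaner [Search] report with the following [Delete] report and lists every file, folder, key or value that was found but is not reported as deleted. It assumes the `<Kind> Found/Deleted : <target>` line format seen in the v1.703 logs above; the function names are made up for this example, and the sample text is a short excerpt of the two logs as posted, in which the "Scheduled Update for Ask Toolbar" task key appears in the search report but has no counterpart in the delete report.

```python
import re

# One report entry as it appears in the AdwCleaner v1.703 logs posted above:
#   "<Folder|File|Key|Value> <Found|Deleted> : <path or registry target>"
ENTRY_RE = re.compile(r"^(Folder|File|Key|Value) (Found|Deleted) : (.+)$")


def parse_report(text):
    """Return {"Found": {...}, "Deleted": {...}}, each mapping a case-folded
    (kind, target) key to a printable "kind : target" string."""
    report = {"Found": {}, "Deleted": {}}
    for raw_line in text.splitlines():
        # The forum software fused some entries into one line separated by
        # "[*]" (a BBCode list marker), so split on it before matching.
        for piece in raw_line.split("[*]"):
            match = ENTRY_RE.match(piece.strip())
            if not match:
                continue  # section headers, browser settings, blank lines
            kind, status, target = match.groups()
            # Windows paths and registry keys compare case-insensitively.
            report[status][(kind, target.casefold())] = f"{kind} : {target}"
    return report


def not_confirmed_deleted(search_log, delete_log):
    """Entries the search report lists that the delete report does not."""
    found = parse_report(search_log)["Found"]
    deleted = parse_report(delete_log)["Deleted"]
    return sorted(found[key] for key in found.keys() - deleted.keys())


def deleted_without_prior_find(search_log, delete_log):
    """Entries the delete report lists that the search report never showed."""
    found = parse_report(search_log)["Found"]
    deleted = parse_report(delete_log)["Deleted"]
    return sorted(deleted[key] for key in deleted.keys() - found.keys())


# Excerpt of the [Search] report (R1) as posted in the thread.
SEARCH_EXCERPT = r"""
***** [Files / Folders] *****

Folder Found : C:\Program Files\Ask.com

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2611456[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Found : HKCU\Software\APN
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
"""

# Matching excerpt of the [Delete] report (S1) as posted in the thread.
DELETE_EXCERPT = r"""
***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Ask.com

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611456[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Deleted : HKCU\Software\APN
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
"""

if __name__ == "__main__":
    for entry in not_confirmed_deleted(SEARCH_EXCERPT, DELETE_EXCERPT):
        print("found but not reported deleted ->", entry)
    for entry in deleted_without_prior_find(SEARCH_EXCERPT, DELETE_EXCERPT):
        print("deleted but never reported found ->", entry)
```

An entry returned by `not_confirmed_deleted` only means the delete report does not mention it; whether it is still present has to be checked on the system itself. The [Internet Browsers] section (`Replaced :`, `Found :` lines) is not compared.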

cosinus 31.07.2012 18:51

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

mobspot 31.07.2012 19:11

Hello again, I was just on my way from Bremen to Aachen, what a hassle!

Now to your questions:

Windows works again so far - there are indeed some empty folders, and some that do show contents which, however, cannot be uninstalled - I can only delete the shortcut. What I cannot do is create manual restore points - but maybe that isn't possible at all on Windows 7, I don't know.

On the second question: What is annoying is that quite a few, or rather most, folders are now shown as hidden; in some cases, despite admin rights, I had to grant myself permission to be able to access them at all. I have now manually marked some of the folders as not hidden again.

Regards, Steffen :kaffee:

cosinus 01.08.2012 19:01

Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

mobspot 06.08.2012 12:48

Hello Arne,

"unhide" worked, many thanks for the tip.

Since everything now works again so far, the question remains: what happens with the trojans? I ran a scan with Avira, which did not find them. But I think they are still up to mischief on my disk.

Does it make sense to switch to Kaspersky?

Looking forward to a reply
Regards, Steffen

cosinus 06.08.2012 13:20

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it on your desktop. If it is already there, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


mobspot 06.08.2012 15:51

Hello, here is the OTL.txt file:
OTL Logfile:
Code:

OTL logfile created on: 06.08.2012 16:24:56 - Run 4
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\bslap\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 55,81% Memory free
5,73 Gb Paging File | 4,03 Gb Available in Paging File | 70,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,55 Gb Total Space | 37,54 Gb Free Space | 33,96% Space Free | Partition Type: NTFS
Drive P: | 84,33 Gb Total Space | 23,23 Gb Free Space | 27,55% Space Free | Partition Type: NTFS
Drive Q: | 93,86 Gb Total Space | 60,02 Gb Free Space | 63,95% Space Free | Partition Type: NTFS
 
Computer Name: BSLAP-PC | User Name: bslap | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\bslap\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Microsoft MapPoint Europe 2011\StreetsOlkShim.exe (Microsoft)
PRC - C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
PRC - C:\Programme\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
PRC - C:\Programme\Dell\DW WLAN Card\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Programme\EMC IRM\Common\autoofflineprocess.exe (EMC Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe (IDT, Inc.)
PRC - C:\Users\bslap\AppData\Roaming\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
PRC - C:\Programme\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
PRC - C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Programme\Common Files\ScanSoft Shared\PDF5\OutlookAddin.dll ()
MOD - C:\Programme\Common Files\ScanSoft Shared\PDF5\PDFAttachPlugin.api ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
SRV - (MSSQL$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe (IDT, Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SR_Watchdog) -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
SRV - (SR_Service) -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
SRV - (InstallFilterService) -- C:\Programme\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (PDFProFiltSrv) -- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RsFx0105) -- C:\Windows\System32\drivers\RsFx0105.sys (Microsoft Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (CP_OMDRV) -- C:\Windows\System32\drivers\omdrv.sys (Check Point Software Technologies)
DRV - (FW1) -- C:\Windows\System32\drivers\fw.sys (Check Point Software Technologies)
DRV - (VNASC) -- C:\Windows\System32\drivers\vnasc.sys (Check Point Software Technologies)
DRV - (VPN-1) -- C:\Windows\System32\drivers\vpn.sys (Check Point Software Technologies)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (Sentinel) -- C:\Windows\System32\drivers\sentinel.sys (SafeNet, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (pnetmdm) -- C:\Windows\System32\drivers\pnetmdm.sys (June Fabrics Technology)
DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{F9309114-FB8A-4374-9F17-2182F5D35983}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.obt.de/obt/view/index.shtml
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\URLSearchHook: {c98be8db-5fd4-4455-9bb2-a3e1ae5a325b} - No CLSID value found
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes,DefaultScope = {8CADF081-C10D-47E8-A0E7-20B236C7687E}
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{0C3B6D3A-4BBE-4974-B956-213E1C9D169E}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{58E96FE9-6F43-49AD-BF36-ED4F16C51325}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=ED36A7E0-5C95-4AB8-8C09-627A98C536C5&apn_sauid=7410988B-BF73-4AFF-A876-070C0D8CBA1D
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{8CADF081-C10D-47E8-A0E7-20B236C7687E}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{99CAA2E9-BEFC-4BDA-A402-8A681968B26B}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{A638CBD1-8BCB-465B-B483-F2FC8195234B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=181099&p={searchTerms}
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{AE291BCA-9FD8-4E2E-A180-6911D574E358}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{B58D7ED5-C305-412D-AFCE-0495C6BF6F07}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{D8B381EF-841B-4827-9618-5AB4BD966BD2}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{E024BBBC-5D56-441F-9F10-B4DA528A8C5A}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.23 16:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.21 13:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.23 16:42:15 | 000,000,000 | ---D | M]
 
[2011.07.08 18:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bslap\AppData\Roaming\mozilla\Extensions
[2012.07.31 13:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bslap\AppData\Roaming\mozilla\Firefox\Profiles\7ns5zi8v.default\extensions
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\bslap\AppData\Roaming\mozilla\Firefox\Profiles\7ns5zi8v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.21 15:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.08 18:34:57 | 000,003,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\acpro.xml
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Ask Toolbar = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaakfopmidbfddimafofbdngbkidf\7.13.0.0_0\
CHR - Extension: YouTube = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IRM Offline Refresh.lnk = C:\Programme\EMC IRM\Common\autoofflineprocess.exe (EMC Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13709972-8B0E-4E3E-8DF9-A937C1F47338}: NameServer = 192.2.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B06F1A46-1293-4935-96C3-5D6DCB2A90E1}: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5B01265-17CC-411F-993E-B98B3E8FB316}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.08 12:36:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^bslap^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter Assistent.lnk - C:\Programme\Telekom\Mediencenter\MediencenterSoftware.exe - (Deutsche Telekom AG)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
MsConfig - StartUpReg: FreeFallProtection - hkey= - key= - C:\Programme\STMicroelectronics\Accelerometer\FF_Protection.exe ()
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: HW_OPENEYE_OUC_T-Mobile Internet Manager - hkey= - key= - C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: Nuance PDF Professional 5-reminder - hkey= - key= - C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
MsConfig - StartUpReg: PDF5 Registry Controller - hkey= - key= - C:\Programme\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PDFHook - hkey= - key= - C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - c:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickSet - hkey= - key= - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: To-Do DeskList - hkey= - key= - C:\Programme\To-Do DeskList\To-Do DeskList.exe (Dextronet)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
%SYSTEMROOT%\SYSTEM32\*.DLL /LOCKEDFILES CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.06 14:48:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\bslap\Desktop\OTL.exe
[2012.08.03 14:32:49 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\bslap\Desktop\unhide.exe
[2012.07.31 13:55:20 | 000,000,000 | ---D | C] -- C:\Users\bslap\Desktop\Logfiles
[2012.07.31 13:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2012.07.30 11:42:33 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Roaming\Malwarebytes
[2012.07.30 11:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.30 11:42:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.30 11:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.30 08:35:37 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod
[2012.07.24 12:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.24 12:28:25 | 000,000,000 | ---D | C] -- C:\Windows\AxInstSV
[2012.07.23 17:20:48 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012.07.23 13:12:25 | 000,000,000 | ---D | C] -- C:\Users\bslap\Documents\FFOutput
[2012.07.23 13:11:42 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2012.07.23 13:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2012.07.19 18:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.1.1 Home Edition
[2012.07.15 05:12:17 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Roaming\Boolat Games
[2012.07.15 01:58:01 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Roaming\BlamGames
[1 C:\Users\bslap\AppData\Local\*.tmp files -> C:\Users\bslap\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.06 16:06:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 14:48:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\bslap\Desktop\OTL.exe
[2012.08.06 11:47:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 11:47:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 22:17:39 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 22:17:39 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 22:14:19 | 000,803,652 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.05 22:14:19 | 000,746,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.05 22:14:19 | 000,188,128 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.05 22:14:19 | 000,159,684 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.05 22:08:54 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.08.05 22:08:29 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.04 12:07:50 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.03 17:55:36 | 000,185,228 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012.08.03 14:32:52 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\bslap\Desktop\unhide.exe
[2012.08.01 16:27:55 | 001,087,806 | ---- | M] () -- C:\Users\bslap\Desktop\Auftrag Telekom.pdf
[2012.08.01 15:58:48 | 394,068,701 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.31 11:54:34 | 000,632,049 | ---- | M] () -- C:\Users\bslap\Documents\adwcleaner.exe
[2012.07.30 11:42:22 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.30 11:17:08 | 000,489,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.25 00:07:27 | 000,000,000 | ---- | M] () -- C:\Users\bslap\defogger_reenable
[2012.07.23 17:37:33 | 000,000,592 | ---- | M] () -- C:\ProgramData\UVMAhz1x7mghI5
[2012.07.23 17:29:02 | 000,000,072 | ---- | M] () -- C:\ProgramData\-UVMAhz1x7mghI5
[2012.07.23 17:20:49 | 000,000,072 | ---- | M] () -- C:\ProgramData\-UVMAhz1x7mghI5r
[2012.07.18 16:44:09 | 000,000,021 | ---- | M] () -- C:\Users\bslap\AppData\Local\mc.pixel.data
[2012.07.17 14:35:00 | 009,116,780 | ---- | M] () -- C:\Users\bslap\Desktop\Vorschlag 9.PDF
[2012.07.13 17:27:05 | 000,006,884 | ---- | M] () -- C:\Users\bslap\Desktop\Mappe1.pdf
[2012.07.12 17:13:40 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[1 C:\Users\bslap\AppData\Local\*.tmp files -> C:\Users\bslap\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.03 17:55:36 | 000,185,228 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.08.01 16:27:55 | 001,087,806 | ---- | C] () -- C:\Users\bslap\Desktop\Auftrag Telekom.pdf
[2012.08.01 15:58:48 | 394,068,701 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.31 11:54:34 | 000,632,049 | ---- | C] () -- C:\Users\bslap\Documents\adwcleaner.exe
[2012.07.30 11:42:22 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.30 11:16:53 | 000,489,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.25 00:07:27 | 000,000,000 | ---- | C] () -- C:\Users\bslap\defogger_reenable
[2012.07.23 17:20:49 | 000,000,072 | ---- | C] () -- C:\ProgramData\-UVMAhz1x7mghI5r
[2012.07.23 17:20:49 | 000,000,072 | ---- | C] () -- C:\ProgramData\-UVMAhz1x7mghI5
[2012.07.23 17:20:46 | 000,000,592 | ---- | C] () -- C:\ProgramData\UVMAhz1x7mghI5
[2012.07.17 14:35:00 | 009,116,780 | ---- | C] () -- C:\Users\bslap\Desktop\Vorschlag 9.PDF
[2012.07.13 17:27:05 | 000,006,884 | ---- | C] () -- C:\Users\bslap\Desktop\Mappe1.pdf
[2012.06.15 13:53:21 | 000,012,957 | ---- | C] () -- C:\Users\bslap\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2012.04.07 08:29:39 | 000,000,000 | ---- | C] () -- C:\Users\bslap\AppData\Local\Input.xml
[2012.04.06 18:37:01 | 000,000,000 | ---- | C] () -- C:\Users\bslap\AppData\Local\Settings.xml
[2012.01.17 14:39:28 | 000,000,093 | ---- | C] () -- C:\Users\bslap\AppData\Local\fusioncache.dat
[2012.01.16 17:32:20 | 000,000,264 | ---- | C] () -- C:\Windows\System32\winsusrm.dll
[2012.01.12 17:15:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\fInstall.ix
[2012.01.09 18:40:34 | 000,000,021 | ---- | C] () -- C:\Users\bslap\AppData\Local\mc.pixel.data
[2011.11.17 23:40:42 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.10.12 13:26:38 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.29 13:08:46 | 000,000,144 | ---- | C] () -- C:\Windows\ricdb.ini
[2011.07.28 20:54:43 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.07.23 18:55:55 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011.07.01 11:18:25 | 000,009,339 | ---- | C] () -- C:\Users\bslap\AppData\Roaming\Microsoft Excel 97-2003.EML
[2011.05.30 12:40:07 | 000,007,600 | ---- | C] () -- C:\Users\bslap\AppData\Local\Resmon.ResmonCfg
[2011.05.18 21:50:49 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.05.12 16:24:26 | 000,000,000 | ---- | C] () -- C:\Users\bslap\AppData\Local\{CA714BD9-5E43-4B4F-89E2-128FB9AAB6C0}
[2011.02.23 17:11:25 | 000,083,496 | ---- | C] () -- C:\Windows\hpqins13.dat
[2011.02.23 16:38:58 | 000,268,134 | ---- | C] () -- C:\Windows\hpwins22.dat
[2011.02.23 16:38:58 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2011.01.28 21:00:57 | 000,000,680 | RHS- | C] () -- C:\Users\bslap\ntuser.pol
[2010.12.16 15:26:46 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.12.01 12:29:01 | 000,445,952 | ---- | C] () -- C:\Windows\System32\RepODBC.DLL
[2010.12.01 12:29:01 | 000,059,392 | ---- | C] () -- C:\Windows\System32\RepUtil.DLL
[2010.12.01 12:29:01 | 000,029,184 | ---- | C] () -- C:\Windows\System32\RepRC.DLL
[2010.11.26 15:57:06 | 000,001,355 | ---- | C] () -- C:\Windows\System32\odbcinst.ini
[2010.11.26 15:54:07 | 000,299,008 | ---- | C] () -- C:\Windows\unin0407.exe
[2010.11.22 17:43:26 | 000,044,032 | ---- | C] () -- C:\Users\bslap\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.18 10:57:15 | 000,002,516 | ---- | C] () -- C:\Windows\System32\drivers\default.bin
[2010.11.18 10:57:15 | 000,002,516 | ---- | C] () -- C:\Windows\System32\default.bin
[2010.10.20 21:26:42 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010.10.20 13:46:20 | 000,000,204 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.10.01 11:47:11 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010.10.01 11:47:11 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010.10.01 11:47:10 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010.10.01 11:47:10 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010.10.01 11:47:10 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010.09.04 08:22:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.09.04 08:22:34 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.09.04 08:22:34 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.09.04 08:22:34 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.09.04 08:22:33 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.09.04 08:22:33 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.09.04 08:22:32 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.09.04 08:22:32 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.09.04 05:56:59 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.09.04 05:43:53 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
 
========== LOP Check ==========
 
[2011.09.13 23:45:16 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\A2 Entertainment
[2012.01.29 22:35:10 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Alawar
[2012.07.23 17:46:44 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Alawar Entertainment
[2011.08.20 19:15:08 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Alawar Stargaze
[2010.12.27 01:54:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\AlawarSouthpoint
[2012.07.23 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\AlderGames
[2012.07.23 17:46:44 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\aliasworlds
[2011.05.16 06:06:13 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Amaranth Games
[2012.02.04 03:39:30 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Anarchy
[2012.05.06 18:26:56 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\AnvSoft
[2012.02.05 23:48:35 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Artifex Mundi
[2012.02.11 02:04:01 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\AtlanticJourney
[2012.03.08 01:00:36 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Auslogics
[2012.07.23 17:46:44 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Autodesk
[2012.07.23 17:46:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Awem
[2012.07.15 01:58:01 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\BlamGames
[2011.05.15 22:51:03 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\blg
[2011.08.04 22:36:15 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Blue Tea Games
[2012.07.15 05:12:17 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Boolat Games
[2011.08.27 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Boomzap
[2012.07.23 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\BowWow
[2012.02.13 03:36:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\BrokenHearts
[2012.07.23 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Buhl Data Service
[2012.07.23 17:46:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Buhl Data Service GmbH
[2011.03.18 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Bump Technologies, Inc
[2012.06.05 20:28:42 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\calibre
[2012.07.23 17:46:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Casual Box
[2011.08.07 12:49:49 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\CattaleGames
[2012.06.18 02:48:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\CoronationStreetPC
[2012.07.23 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\CoSoSys
[2011.06.03 00:49:27 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Crown
[2012.03.10 01:57:03 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Daedalic Entertainment
[2012.07.23 17:46:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Deep Shadows
[2012.05.20 23:32:07 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\dekovir
[2012.05.17 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Dereza
[2011.05.31 23:05:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\DragonsEye Studios
[2012.07.13 16:21:01 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\DVDVideoSoft
[2012.05.15 14:07:16 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.23 17:46:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\EleFun Games
[2012.07.23 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Elephant Games
[2012.07.23 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\elsterformular
[2012.07.23 17:46:55 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Enki Games
[2012.07.23 17:46:55 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\ERS Game Studios
[2011.05.01 14:10:08 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Farm Mania 2.1
[2010.10.27 12:57:42 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\FileOpen
[2011.08.15 23:52:52 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Floodlight Games
[2012.07.23 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Friday's games
[2010.10.19 10:25:04 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\FRITZ!
[2010.10.18 20:02:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.08.02 21:56:19 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Frogwares
[2011.10.09 22:20:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Funswitch
[2011.07.17 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Gaijin Ent
[2012.07.23 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\GameInvest
[2011.05.18 21:50:49 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\GamesCafe
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\GetRightToGo
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Happy Artist Studio
[2012.01.29 02:08:59 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Happy Chef
[2011.10.13 23:58:45 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Harmonic Flow
[2011.10.03 12:13:01 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\HdO Adventure
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Hidden Anthologies Pride and Prejudice
[2012.07.23 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\HipSoft
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\ILClient
[2012.02.18 00:41:44 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Independent
[2011.05.29 22:52:47 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\InImages
[2011.04.25 01:20:00 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Intenium
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Islands3
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Jane s Hotel 3
[2012.07.23 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Jetdogs Studios
[2012.07.23 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\JoyBits
[2011.09.13 02:37:09 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\KeepersOfDryandra
[2011.08.20 00:21:43 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Kutawaves Game
[2011.01.07 23:57:14 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\LaJangada
[2011.08.02 23:38:17 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Lazy Turtle Games
[2011.08.05 01:15:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\LestaStudio
[2011.08.13 22:45:08 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\margrave3_full
[2011.09.25 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Mariaglorum
[2012.01.29 00:08:22 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Maximize Games
[2011.07.19 09:15:21 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Mayan Puzzle
[2012.07.23 17:46:59 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\md studio
[2012.02.18 00:59:09 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Mean Hamster
[2011.10.03 03:33:02 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\MediaArt
[2011.09.11 14:37:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Meridian93
[2011.07.01 23:23:13 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Merscom
[2011.02.28 19:50:11 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\morty productions
[2012.07.23 17:47:17 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\My Games
[2011.04.24 22:38:06 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\MysteryStudio
[2010.12.28 19:02:47 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\NCH Swift Sound
[2011.06.02 21:28:26 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\NevoSoft
[2012.07.23 17:47:18 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\OCS
[2012.07.23 17:47:20 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Opera
[2011.08.20 23:23:35 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Orneon
[2010.12.12 14:03:59 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\PeaceCraft2
[2011.09.11 05:09:12 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\PeaceCraft3
[2012.02.05 07:55:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\PetRush
[2011.04.27 03:25:45 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Ph03nixNewMedia
[2012.02.05 08:03:55 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\PlayFirst
[2012.02.05 21:48:04 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Playrix Entertainment
[2012.05.23 23:12:13 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\PoBros
[2012.05.20 03:11:37 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Sahmon Games
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Settlement. Colossus
[2011.07.03 12:49:11 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\ShamanGS
[2011.07.28 20:57:27 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Shape games
[2012.07.23 17:47:21 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Silverback Productions
[2012.07.23 17:47:21 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\SMIGames
[2011.09.25 00:14:53 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Specialbit
[2011.07.01 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Stand O'Food 3
[2012.02.01 01:49:34 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Striped Arts
[2012.07.14 04:51:02 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\SulusGames
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Supermarket Mania 2
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\T-Mobile
[2012.07.29 18:05:36 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\T-Mobile Internet Manager
[2010.10.04 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Teleca
[2011.05.19 21:58:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\thejoyoffarming
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\TheKingOfFire
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\TLOTGT
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\To-Do DeskList
[2011.08.20 19:48:18 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Total Eclipse
[2012.06.18 12:30:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\TuneUpMedia
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Twilight Games
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Val'Gor 2
[2011.08.02 00:58:48 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\ValGor 2
[2011.06.02 23:12:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\ValuSoft
[2012.07.23 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\VampireSagaHL
[2012.03.04 03:32:42 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Vast Studios
[2012.07.23 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\VendelGAMES
[2011.08.16 00:42:42 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Vogat Interactive
[2012.05.14 00:20:06 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\WeatherLord
[2011.07.17 01:24:07 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\WendigoStudios
[2010.10.27 12:27:27 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Windows Live Writer
[2011.05.20 07:42:26 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\World-Loom
[2012.07.23 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Xilisoft
[2012.06.27 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\YoudaGames
[2012.02.03 20:31:20 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Z-Software
[2012.07.23 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Zeon
[2011.11.01 10:03:12 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Gaijin Ent
[2011.01.30 18:35:50 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Opera
[2011.01.30 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\PeaceCraft2
[2011.10.23 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Playrix Entertainment
[2012.05.20 19:07:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Sahmon Games
[2011.10.23 16:36:17 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\World-LooM
[2012.07.08 11:02:26 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Xilisoft
[2012.02.03 20:36:32 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Z-Software
[2011.01.30 18:36:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Zeon
[2012.07.13 09:17:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
<  Code: >
 
< --------- >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. >
 
< %APPDATA%\*.exe /s >
[2012.05.25 20:04:22 | 005,185,496 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv10.exe
[2012.05.25 20:05:31 | 005,184,752 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv11.exe
[2012.05.25 20:06:45 | 005,189,648 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv12.exe
[2012.05.25 20:07:17 | 005,465,744 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur09.exe
[2012.05.25 20:04:30 | 005,466,864 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur10.exe
[2012.05.25 20:05:40 | 006,220,536 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur11.exe
[2012.05.25 20:07:33 | 005,277,800 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst09.exe
[2012.05.25 20:04:45 | 005,278,368 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst10.exe
[2012.05.25 20:05:57 | 005,924,512 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst11.exe
[2012.05.25 20:07:25 | 005,244,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz09.exe
[2012.05.25 20:04:37 | 005,246,416 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz10.exe
[2012.05.25 20:05:48 | 005,858,552 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz11.exe
[2012.05.25 20:04:52 | 005,240,448 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta10.exe
[2012.05.25 20:06:05 | 005,246,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta11.exe
[2012.05.25 20:06:53 | 005,256,816 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta12.exe
[2012.05.25 20:05:00 | 005,401,776 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb10.exe
[2012.05.25 20:06:13 | 005,400,408 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb11.exe
[2012.05.25 20:07:01 | 005,421,896 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb12.exe
[2012.05.25 20:07:41 | 005,816,512 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a09.exe
[2012.05.25 20:05:08 | 005,819,568 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a10.exe
[2012.05.25 20:06:21 | 005,828,344 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a11.exe
[2012.05.25 20:07:48 | 005,331,960 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust09.exe
[2012.05.25 20:05:24 | 005,336,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust10.exe
[2012.05.25 20:06:37 | 005,358,992 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust11.exe
[2012.05.25 20:05:16 | 005,267,192 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva10.exe
[2012.05.25 20:06:29 | 005,276,096 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva11.exe
[2012.05.25 20:07:09 | 005,266,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva12.exe
[2012.01.30 16:37:21 | 007,810,912 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7094_8086.exe
[2012.05.25 20:07:57 | 004,573,816 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_8479_8623.exe
[2012.01.30 16:38:41 | 007,089,424 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7094_8086.exe
[2012.05.25 20:08:05 | 005,762,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_8479_8623.exe
[2012.05.25 20:08:14 | 005,937,224 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8479_8623.exe
[2012.01.30 16:35:32 | 012,718,200 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8086.exe
[2012.05.25 20:04:09 | 005,576,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8479_8623.exe
[2011.02.02 16:48:31 | 000,348,160 | ---- | M] (Octoshape ApS) -- C:\Users\bslap\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2011.06.29 17:22:47 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{06462190-AAB5-4F8E-A867-1BA6B710933D}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011.03.03 11:31:38 | 000,010,134 | ---- | M] () -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2010.10.27 12:42:46 | 000,014,846 | ---- | M] () -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe
[2010.10.06 13:03:24 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
[2007.08.29 16:36:00 | 000,110,592 | ---- | M] () -- C:\Users\bslap\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
[2011.05.22 18:01:42 | 000,106,496 | ---- | M] (OCS) -- C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.05.22 18:01:42 | 000,040,960 | ---- | M] () -- C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2010.01.07 15:35:18 | 001,007,616 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\bslap\AppData\Roaming\T-Mobile Internet Manager\LiveUpdate.exe
[2009.12.31 15:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\bslap\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
[2012.06.20 16:27:28 | 044,115,322 | ---- | M] () -- C:\Users\bslap\AppData\Roaming\Xilisoft\DVD Creator 6\x-dvd-creator7.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_6acd47459c3a74fb\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.04 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Drivers\storage\R271949\f6flpy-x86\iaStor.sys
[2010.03.04 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010.03.04 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
[2010.03.04 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.09.04 08:28:12 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010.09.04 08:28:12 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010.09.04 08:28:12 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< --------- >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4C3D5A8B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:BAFAD1DF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8AE92FD3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:38849DE5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:87A3A233
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:58EB307C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:3B07E6F4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:19636FDD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:EC0279DC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E40D7F76
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:10D45FC3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0ACF1AF5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:04ADB7A6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:FCBEDCFD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:EB2D2CC5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:D999FFD5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:C458CC0A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:BC1F7CAE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9968F0E2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:90C320E1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:5E8C18F1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:51E66512
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:18A6D2CC
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E6708F08
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B285A50E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:9C2BD975
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:ED0B32CA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9056F42
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:07D9FF25
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E2B84483
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:3C0887BF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:28819F45
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:EA7D76BE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A1A86E40
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7E4E56EA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7BBC3CCD
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:6DDD2723
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:54F0BBF5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:823606DE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:7425C891
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:6FD36C4B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E894A3ED
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D576A536
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BEE39E9B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A17CCD03
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:9E05DEB0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:73B78E79
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:36A39835
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3571475C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2C86E2AD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14FA5E46
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F5FC5DCE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F5D01D7C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0968E571
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F1C8B957
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:ED9B661E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:6423D635
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57619D72
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:2652902F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E32D2701
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:6D5A15BF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:58481C6F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:553056F1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A9ABA3FF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:902C848D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:07C99568
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:FACB65E7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7EBCAF87
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:DEE46C4E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:831C6B2D
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:7BE5BAAB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:38D2EA83
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:E3615992
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:88050731
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6C049F97
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:5A2E8BBF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1604D047
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E0888117
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:DD6F157A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:00AA4B31
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:35629AE6
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:43E95997
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:723E56EC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:CC7738DB
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:E9B2C525

< End of report >

--- --- ---

:dankeschoen:

cosinus 06.08.2012 20:51

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:

:OTL
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\URLSearchHook: {c98be8db-5fd4-4455-9bb2-a3e1ae5a325b} - No CLSID value found
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes,DefaultScope = {8CADF081-C10D-47E8-A0E7-20B236C7687E}
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{0C3B6D3A-4BBE-4974-B956-213E1C9D169E}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{58E96FE9-6F43-49AD-BF36-ED4F16C51325}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=ED36A7E0-5C95-4AB8-8C09-627A98C536C5&apn_sauid=7410988B-BF73-4AFF-A876-070C0D8CBA1D
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{8CADF081-C10D-47E8-A0E7-20B236C7687E}: "URL" = http://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{99CAA2E9-BEFC-4BDA-A402-8A681968B26B}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{A638CBD1-8BCB-465B-B483-F2FC8195234B}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=181099&p={searchTerms}
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{AE291BCA-9FD8-4E2E-A180-6911D574E358}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{B58D7ED5-C305-412D-AFCE-0495C6BF6F07}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{D8B381EF-841B-4827-9618-5AB4BD966BD2}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{E024BBBC-5D56-441F-9F10-B4DA528A8C5A}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.08 12:36:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2012.07.23 17:37:33 | 000,000,592 | ---- | M] () -- C:\ProgramData\UVMAhz1x7mghI5
[2012.07.23 17:29:02 | 000,000,072 | ---- | M] () -- C:\ProgramData\-UVMAhz1x7mghI5
[2012.07.23 17:20:49 | 000,000,072 | ---- | M] () -- C:\ProgramData\-UVMAhz1x7mghI5r
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:1A4BF204
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:CEE4A457
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8E9C9E8F
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:93B0BB6F
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:3BF63E4A
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:12EA4DC9
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:BDCD0530
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:8DA9DB01
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:D987CB43
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:6A9CA6CB
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:AE9DFC85
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6757F885
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:3E7C402E
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:10873493
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:E5BA9ADD
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DB051353
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:639BB5E9
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5DB36C47
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5C4A588B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:51E83E25
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:258D2F8B
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:F3591DDB
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:E153075C
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:CAF8DAC8
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B6E58523
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AE289451
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:363E775E
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:D770A15D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:3A4C8FE7
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:092DD1DD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:78696BCD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:5CD70138
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:F35AE645
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E9900C74
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:BB718C46
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:99AC3203
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4B70A9FA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:46283136
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:33A7CC67
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:908A1B53
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:384AA0FD
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2EB79F01
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2ABB51D4
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F98E6C67
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:884C7316
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6EA64886
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:63C68F03
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:2530BFBE
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BF640EE5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:90FA53E2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:6EE8565A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:2B9555D8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D4558A0B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:C0A2E219
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:34C443B4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:2F8138B7
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:2CED8825
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:F89F2593
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:C43C957E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:7C8AA9A6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4EC7F009
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:39EDBD33
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:1234ADAE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F13867C6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:9CF728A6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:44E16D4A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:2DC35960
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:1B389835
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C37283B5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A2B3764A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:1B3549F2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:18DEBC51
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:16F4BC64
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0E61938B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F67947AF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:BD8010FE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A6B07419
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4E79C4F8
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:3A4676D7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:10B970A9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:06C34166
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:012BC84F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:CBAF0C30
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:4A906D4A
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:349E5B74
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:274516E7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:242E63C5
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0E5CFA74
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:073139EC
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BA24E689
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B139DDF3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4C49306C
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4C3D5A8B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:BAFAD1DF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8AE92FD3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:38849DE5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:87A3A233
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:58EB307C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:3B07E6F4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:19636FDD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:EC0279DC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E40D7F76
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:10D45FC3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0ACF1AF5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:04ADB7A6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:FCBEDCFD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:EB2D2CC5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:D999FFD5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:C458CC0A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:BC1F7CAE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9968F0E2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:90C320E1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:5E8C18F1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:51E66512
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:18A6D2CC
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E6708F08
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B285A50E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:9C2BD975
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:ED0B32CA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9056F42
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:07D9FF25
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E2B84483
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:3C0887BF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:28819F45
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:EA7D76BE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A1A86E40
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7E4E56EA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7BBC3CCD
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:6DDD2723
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:54F0BBF5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:823606DE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:7425C891
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:6FD36C4B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E894A3ED
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D576A536
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BEE39E9B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A17CCD03
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:9E05DEB0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:73B78E79
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:36A39835
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3571475C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2C86E2AD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14FA5E46
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F5FC5DCE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F5D01D7C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0968E571
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F1C8B957
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:ED9B661E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:6423D635
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57619D72
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:2652902F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E32D2701
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:6D5A15BF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:58481C6F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:553056F1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A9ABA3FF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:902C848D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:07C99568
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:FACB65E7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7EBCAF87
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:DEE46C4E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:831C6B2D
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:7BE5BAAB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:38D2EA83
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:E3615992
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:88050731
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6C049F97
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:5A2E8BBF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1604D047
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E0888117
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:DD6F157A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:00AA4B31
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:35629AE6
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:43E95997
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:723E56EC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:CC7738DB
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:E9B2C525
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

mobspot 07.08.2012 11:35

Hello Arne,

here is the file

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ deleted successfully.
C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c98be8db-5fd4-4455-9bb2-a3e1ae5a325b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c98be8db-5fd4-4455-9bb2-a3e1ae5a325b}\ not found.
HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0C3B6D3A-4BBE-4974-B956-213E1C9D169E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C3B6D3A-4BBE-4974-B956-213E1C9D169E}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{58E96FE9-6F43-49AD-BF36-ED4F16C51325}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58E96FE9-6F43-49AD-BF36-ED4F16C51325}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8CADF081-C10D-47E8-A0E7-20B236C7687E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CADF081-C10D-47E8-A0E7-20B236C7687E}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{99CAA2E9-BEFC-4BDA-A402-8A681968B26B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99CAA2E9-BEFC-4BDA-A402-8A681968B26B}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{A638CBD1-8BCB-465B-B483-F2FC8195234B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A638CBD1-8BCB-465B-B483-F2FC8195234B}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AE291BCA-9FD8-4E2E-A180-6911D574E358}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE291BCA-9FD8-4E2E-A180-6911D574E358}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{B58D7ED5-C305-412D-AFCE-0495C6BF6F07}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B58D7ED5-C305-412D-AFCE-0495C6BF6F07}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{D8B381EF-841B-4827-9618-5AB4BD966BD2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8B381EF-841B-4827-9618-5AB4BD966BD2}\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E024BBBC-5D56-441F-9F10-B4DA528A8C5A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E024BBBC-5D56-441F-9F10-B4DA528A8C5A}\ not found.
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "" removed from browser.search.defaultenginename
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ not found.
File C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{51a86bb3-6602-4c85-92a5-130ee4864f13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ not found.
File C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51A86BB3-6602-4C85-92A5-130EE4864F13}\ not found.
File C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18d93536-f729-11df-84da-54ed87e48d15}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18d93536-f729-11df-84da-54ed87e48d15}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{877f37d2-f880-11df-87eb-54ed87e48d15}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{877f37d2-f880-11df-87eb-54ed87e48d15}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df0945cb-fb37-11df-87c2-54ed87e48d15}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df0945cb-fb37-11df-87c2-54ed87e48d15}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
C:\ProgramData\UVMAhz1x7mghI5 moved successfully.
C:\ProgramData\-UVMAhz1x7mghI5 moved successfully.
C:\ProgramData\-UVMAhz1x7mghI5r moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bslap
->Temp folder emptied: 375941889 bytes
->Temporary Internet Files folder emptied: 109460627 bytes
->Java cache emptied: 41259153 bytes
->FireFox cache emptied: 17451877 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 32890880 bytes
->Opera cache emptied: 21375444 bytes
->Flash cache emptied: 1068493 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Johannes
->Temp folder emptied: 322280901 bytes
->Temporary Internet Files folder emptied: 429567190 bytes
->Java cache emptied: 772293 bytes
->Opera cache emptied: 17331620 bytes
->Flash cache emptied: 304300 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 502530513 bytes
RecycleBin emptied: 3179214351 bytes

Total Files Cleaned = 4.817,00 mb


[EMPTYFLASH]

User: All Users

User: bslap
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Johannes
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08072012_121919

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


:dankeschoen:

cosinus 08.08.2012 15:09

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

mobspot 08.08.2012 19:29

Hi Arne,

here is the TDSS file now.

20:23:35.0521 0540 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:23:35.0537 0540 ============================================================
20:23:35.0537 0540 Current date / time: 2012/08/08 20:23:35.0537
20:23:35.0537 0540 SystemInfo:
20:23:35.0537 0540
20:23:35.0537 0540 OS Version: 6.1.7600 ServicePack: 0.0
20:23:35.0537 0540 Product type: Workstation
20:23:35.0537 0540 ComputerName: BSLAP-PC
20:23:35.0537 0540 UserName: bslap
20:23:35.0537 0540 Windows directory: C:\Windows
20:23:35.0537 0540 System windows directory: C:\Windows
20:23:35.0537 0540 Processor architecture: Intel x86
20:23:35.0537 0540 Number of processors: 4
20:23:35.0537 0540 Page size: 0x1000
20:23:35.0537 0540 Boot type: Normal boot
20:23:35.0537 0540 ============================================================
20:23:38.0267 0540 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:23:38.0282 0540 ============================================================
20:23:38.0282 0540 \Device\Harddisk0\DR0:
20:23:38.0298 0540 MBR partitions:
20:23:38.0298 0540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x12A3000
20:23:38.0298 0540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12B7000, BlocksNum 0xDD19EE5
20:23:38.0313 0540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEFD0F24, BlocksNum 0xA8A6AC1
20:23:38.0345 0540 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x19877A24, BlocksNum 0xBBB5C9D
20:23:38.0345 0540 ============================================================
20:23:38.0454 0540 Q: <-> \Device\Harddisk0\DR0\Partition3
20:23:38.0533 0540 C: <-> \Device\Harddisk0\DR0\Partition1
20:23:38.0626 0540 P: <-> \Device\Harddisk0\DR0\Partition2
20:23:38.0626 0540 ============================================================
20:23:38.0626 0540 Initialize success
20:23:38.0626 0540 ============================================================
20:24:18.0484 3888 ============================================================
20:24:18.0484 3888 Scan started
20:24:18.0484 3888 Mode: Manual; SigCheck; TDLFS;
20:24:18.0484 3888 ============================================================
20:24:19.0186 3888 1394ohci (bf02f806c873abb04b197161e8e5a316) C:\Windows\system32\DRIVERS\1394ohci.sys
20:24:19.0264 3888 1394ohci - ok
20:24:19.0296 3888 Acceler (3c189400c996a4301c3f1bd93c9c1a17) C:\Windows\system32\DRIVERS\Acceler.sys
20:24:19.0311 3888 Acceler - ok
20:24:19.0342 3888 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
20:24:19.0358 3888 ACPI - ok
20:24:19.0374 3888 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
20:24:19.0436 3888 AcpiPmi - ok
20:24:19.0498 3888 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:24:19.0514 3888 adp94xx - ok
20:24:19.0530 3888 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:24:19.0561 3888 adpahci - ok
20:24:19.0576 3888 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:24:19.0576 3888 adpu320 - ok
20:24:19.0623 3888 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
20:24:19.0654 3888 AeLookupSvc - ok
20:24:19.0748 3888 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
20:24:19.0795 3888 AESTFilters - ok
20:24:19.0888 3888 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
20:24:19.0935 3888 AFD - ok
20:24:19.0966 3888 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
20:24:19.0982 3888 agp440 - ok
20:24:20.0029 3888 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:24:20.0044 3888 aic78xx - ok
20:24:20.0076 3888 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
20:24:20.0107 3888 ALG - ok
20:24:20.0138 3888 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
20:24:20.0154 3888 aliide - ok
20:24:20.0154 3888 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
20:24:20.0169 3888 amdagp - ok
20:24:20.0169 3888 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
20:24:20.0185 3888 amdide - ok
20:24:20.0200 3888 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:24:20.0232 3888 AmdK8 - ok
20:24:20.0247 3888 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:24:20.0263 3888 AmdPPM - ok
20:24:20.0310 3888 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
20:24:20.0325 3888 amdsata - ok
20:24:20.0356 3888 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:24:20.0372 3888 amdsbs - ok
20:24:20.0403 3888 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
20:24:20.0403 3888 amdxata - ok
20:24:20.0559 3888 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:24:20.0575 3888 AntiVirSchedulerService - ok
20:24:20.0622 3888 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:24:20.0637 3888 AntiVirService - ok
20:24:20.0715 3888 AppHostSvc (ba494509ccd115197450f3ce5b76d7cc) C:\Windows\system32\inetsrv\apphostsvc.dll
20:24:20.0762 3888 AppHostSvc - ok
20:24:20.0778 3888 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
20:24:20.0840 3888 AppID - ok
20:24:20.0887 3888 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
20:24:20.0996 3888 AppIDSvc - ok
20:24:21.0012 3888 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
20:24:21.0043 3888 Appinfo - ok
20:24:21.0199 3888 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:24:21.0214 3888 Apple Mobile Device - ok
20:24:21.0246 3888 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
20:24:21.0261 3888 AppMgmt - ok
20:24:21.0292 3888 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:24:21.0308 3888 arc - ok
20:24:21.0324 3888 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:24:21.0339 3888 arcsas - ok
20:24:21.0433 3888 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
20:24:21.0448 3888 ASPI ( UnsignedFile.Multi.Generic ) - warning
20:24:21.0448 3888 ASPI - detected UnsignedFile.Multi.Generic (1)
20:24:21.0464 3888 ASPI32 (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\system32\drivers\ASPI32.sys
20:24:21.0464 3888 ASPI32 ( UnsignedFile.Multi.Generic ) - warning
20:24:21.0464 3888 ASPI32 - detected UnsignedFile.Multi.Generic (1)
20:24:21.0558 3888 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:24:21.0636 3888 aspnet_state - ok
20:24:21.0667 3888 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:24:21.0714 3888 AsyncMac - ok
20:24:21.0760 3888 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
20:24:21.0776 3888 atapi - ok
20:24:21.0823 3888 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
20:24:21.0885 3888 AudioEndpointBuilder - ok
20:24:21.0885 3888 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
20:24:21.0932 3888 Audiosrv - ok
20:24:22.0010 3888 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
20:24:22.0026 3888 avgntflt - ok
20:24:22.0088 3888 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
20:24:22.0104 3888 avipbb - ok
20:24:22.0135 3888 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:24:22.0150 3888 avkmgr - ok
20:24:22.0244 3888 AVM IGD CTRL Service (6345d23c4e69e35f3d70169153b5d048) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
20:24:22.0275 3888 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - warning
20:24:22.0275 3888 AVM IGD CTRL Service - detected UnsignedFile.Multi.Generic (1)
20:24:22.0322 3888 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
20:24:22.0369 3888 AxInstSV - ok
20:24:22.0416 3888 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:24:22.0462 3888 b06bdrv - ok
20:24:22.0494 3888 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:24:22.0525 3888 b57nd60x - ok
20:24:22.0618 3888 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
20:24:22.0634 3888 BBSvc - ok
20:24:22.0665 3888 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
20:24:22.0681 3888 BBUpdate - ok
20:24:22.0712 3888 BCM42RLY (94f2dc372163d520d7b1dad78ae40b5e) C:\Windows\system32\drivers\BCM42RLY.sys
20:24:22.0728 3888 BCM42RLY - ok
20:24:22.0868 3888 BCM43XX (f689c5965cefad780a2948546703bd5d) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:24:22.0915 3888 BCM43XX - ok
20:24:23.0055 3888 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
20:24:23.0071 3888 BDESVC - ok
20:24:23.0118 3888 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:24:23.0164 3888 Beep - ok
20:24:43.0788 3888 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:43.0819 3888 RasPppoe - ok
20:24:43.0834 3888 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:24:43.0866 3888 RasSstp - ok
20:24:43.0881 3888 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
20:24:43.0944 3888 rdbss - ok
20:24:43.0959 3888 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:24:43.0975 3888 rdpbus - ok
20:24:44.0006 3888 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:44.0022 3888 RDPCDD - ok
20:24:44.0053 3888 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
20:24:44.0100 3888 RDPDR - ok
20:24:44.0115 3888 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:24:44.0146 3888 RDPENCDD - ok
20:24:44.0162 3888 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:24:44.0178 3888 RDPREFMP - ok
20:24:44.0240 3888 RDPWD (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys
20:24:44.0271 3888 RDPWD - ok
20:24:44.0302 3888 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
20:24:44.0318 3888 rdyboost - ok
20:24:44.0349 3888 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
20:24:44.0396 3888 RemoteAccess - ok
20:24:44.0427 3888 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
20:24:44.0458 3888 RemoteRegistry - ok
20:24:44.0490 3888 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
20:24:44.0521 3888 RFCOMM - ok
20:24:44.0536 3888 RimUsb - ok
20:24:44.0583 3888 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
20:24:44.0599 3888 RimVSerPort - ok
20:24:44.0614 3888 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
20:24:44.0646 3888 ROOTMODEM - ok
20:24:44.0677 3888 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
20:24:44.0708 3888 RpcEptMapper - ok
20:24:44.0724 3888 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
20:24:44.0755 3888 RpcLocator - ok
20:24:44.0802 3888 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
20:24:44.0833 3888 RpcSs - ok
20:24:44.0895 3888 RsFx0105 (6a7360e36cbd636972aeef0dd292a946) C:\Windows\system32\DRIVERS\RsFx0105.sys
20:24:44.0911 3888 RsFx0105 - ok
20:24:44.0926 3888 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:24:44.0973 3888 rspndr - ok
20:24:45.0020 3888 RSUSBSTOR (31d45eca63884ff5f7aecc50f7d1bae0) C:\Windows\system32\Drivers\RtsUStor.sys
20:24:45.0036 3888 RSUSBSTOR - ok
20:24:45.0067 3888 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
20:24:45.0082 3888 RTL8167 - ok
20:24:45.0098 3888 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
20:24:45.0114 3888 s3cap - ok
20:24:45.0145 3888 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:24:45.0160 3888 SamSs - ok
20:24:45.0192 3888 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
20:24:45.0207 3888 sbp2port - ok
20:24:45.0238 3888 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
20:24:45.0285 3888 SCardSvr - ok
20:24:45.0301 3888 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
20:24:45.0332 3888 scfilter - ok
20:24:45.0441 3888 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
20:24:45.0504 3888 Schedule - ok
20:24:45.0535 3888 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
20:24:45.0566 3888 SCPolicySvc - ok
20:24:45.0628 3888 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
20:24:45.0660 3888 SDRSVC - ok
20:24:45.0816 3888 SearchAnonymizer (0f4a80438e7286a0e623582f5f2395bd) C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
20:24:45.0816 3888 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
20:24:45.0816 3888 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
20:24:45.0847 3888 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:24:45.0894 3888 secdrv - ok
20:24:45.0925 3888 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
20:24:45.0972 3888 seclogon - ok
20:24:46.0003 3888 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
20:24:46.0050 3888 SENS - ok
20:24:46.0065 3888 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
20:24:46.0112 3888 SensrSvc - ok
20:24:46.0159 3888 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS
20:24:46.0174 3888 Sentinel - ok
20:24:46.0190 3888 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:24:46.0206 3888 Serenum - ok
20:24:46.0221 3888 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:24:46.0252 3888 Serial - ok
20:24:46.0284 3888 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:24:46.0284 3888 sermouse - ok
20:24:46.0315 3888 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
20:24:46.0346 3888 SessionEnv - ok
20:24:46.0362 3888 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
20:24:46.0408 3888 sffdisk - ok
20:24:46.0424 3888 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:24:46.0455 3888 sffp_mmc - ok
20:24:46.0455 3888 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:24:46.0486 3888 sffp_sd - ok
20:24:46.0486 3888 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:24:46.0502 3888 sfloppy - ok
20:24:46.0549 3888 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
20:24:46.0596 3888 SharedAccess - ok
20:24:46.0627 3888 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
20:24:46.0658 3888 ShellHWDetection - ok
20:24:46.0674 3888 simptcp (f5aaa8cdda25b6387af590d676d25bad) C:\Windows\System32\tcpsvcs.exe
20:24:46.0674 3888 simptcp - ok
20:24:46.0705 3888 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
20:24:46.0705 3888 sisagp - ok
20:24:46.0720 3888 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:24:46.0736 3888 SiSRaid2 - ok
20:24:46.0752 3888 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:24:46.0767 3888 SiSRaid4 - ok
20:24:46.0783 3888 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:24:46.0845 3888 Smb - ok
20:24:46.0876 3888 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
20:24:46.0908 3888 SNMPTRAP - ok
20:24:46.0923 3888 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:24:46.0923 3888 spldr - ok
20:24:47.0001 3888 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
20:24:47.0017 3888 Spooler - ok
20:24:47.0173 3888 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
20:24:47.0235 3888 sppsvc - ok
20:24:47.0360 3888 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
20:24:47.0391 3888 sppuinotify - ok
20:24:47.0547 3888 SQLAgent$SQLEXPRESS (a892134c28777978ecde8283dc57ac0f) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
20:24:47.0578 3888 SQLAgent$SQLEXPRESS - ok
20:24:47.0625 3888 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:24:47.0641 3888 SQLBrowser - ok
20:24:47.0672 3888 SQLWriter (135cdccc167ef0c250125bbd3abe18d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:24:47.0688 3888 SQLWriter - ok
20:24:47.0766 3888 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
20:24:47.0797 3888 srv - ok
20:24:47.0844 3888 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
20:24:47.0875 3888 srv2 - ok
20:24:47.0890 3888 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
20:24:47.0922 3888 srvnet - ok
20:24:48.0031 3888 SR_Service (5e8fb8c98d47979f2c87bf424b1a9664) C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
20:24:48.0031 3888 SR_Service - ok
20:24:48.0078 3888 SR_Watchdog (45093a44ca49dc73c414aeffe42fb8a1) C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
20:24:48.0078 3888 SR_Watchdog - ok
20:24:48.0109 3888 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
20:24:48.0156 3888 SSDPSRV - ok
20:24:48.0218 3888 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:24:48.0218 3888 ssmdrv - ok
20:24:48.0234 3888 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
20:24:48.0265 3888 SstpSvc - ok
20:24:48.0358 3888 STacSV (fbaa145c28074c853529050914d405c6) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
20:24:48.0374 3888 STacSV - ok
20:24:48.0405 3888 stdflt (972f577308b006070de8d09573dbae53) C:\Windows\system32\DRIVERS\stdflt.sys
20:24:48.0421 3888 stdflt - ok
20:24:48.0436 3888 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:24:48.0452 3888 stexstor - ok
20:24:48.0483 3888 STHDA (06cbb271f42ef70fb6ef372c491ba9aa) C:\Windows\system32\DRIVERS\stwrt.sys
20:24:48.0514 3888 STHDA - ok
20:24:48.0546 3888 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
20:24:48.0577 3888 StillCam - ok
20:24:48.0624 3888 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
20:24:48.0670 3888 StiSvc - ok
20:24:48.0686 3888 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
20:24:48.0702 3888 storflt - ok
20:24:48.0717 3888 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
20:24:48.0733 3888 StorSvc - ok
20:24:48.0748 3888 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
20:24:48.0764 3888 storvsc - ok
20:24:48.0780 3888 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
20:24:48.0780 3888 swenum - ok
20:24:48.0811 3888 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
20:24:48.0873 3888 swprv - ok
20:24:48.0920 3888 SynTP (cf196a45fd61118c95585489fad5b2aa) C:\Windows\system32\DRIVERS\SynTP.sys
20:24:48.0982 3888 SynTP - ok
20:24:49.0903 3888 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
20:24:50.0028 3888 SysMain - ok
20:24:50.0121 3888 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
20:24:50.0152 3888 TabletInputService - ok
20:24:50.0168 3888 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
20:24:50.0199 3888 TapiSrv - ok
20:24:50.0230 3888 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
20:24:50.0277 3888 TBS - ok
20:24:50.0402 3888 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
20:24:50.0433 3888 Tcpip - ok
20:24:50.0620 3888 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
20:24:50.0652 3888 TCPIP6 - ok
20:24:50.0854 3888 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys
20:24:50.0854 3888 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
20:24:50.0854 3888 tcpipBM - detected UnsignedFile.Multi.Generic (1)
20:24:50.0886 3888 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
20:24:50.0964 3888 tcpipreg - ok
20:24:50.0979 3888 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
20:24:51.0026 3888 TDPIPE - ok
20:24:51.0073 3888 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
20:24:51.0104 3888 TDTCP - ok
20:24:51.0120 3888 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
20:24:51.0151 3888 tdx - ok
20:24:51.0166 3888 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
20:24:51.0182 3888 TermDD - ok
20:24:51.0229 3888 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
20:24:51.0260 3888 TermService - ok
20:24:51.0276 3888 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
20:24:51.0291 3888 Themes - ok
20:24:51.0322 3888 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:24:51.0354 3888 THREADORDER - ok
20:24:51.0385 3888 TlntSvr (ce92b84ed806f1c5c340a51dfd3e49bc) C:\Windows\System32\tlntsvr.exe
20:24:51.0400 3888 TlntSvr - ok
20:24:51.0447 3888 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
20:24:51.0494 3888 TrkWks - ok
20:24:51.0619 3888 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
20:24:51.0634 3888 TrustedInstaller - ok
20:24:51.0634 3888 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:24:51.0681 3888 tssecsrv - ok
20:24:51.0728 3888 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
20:24:51.0759 3888 tunnel - ok
20:24:51.0884 3888 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:24:51.0900 3888 uagp35 - ok
20:24:52.0227 3888 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
20:24:52.0305 3888 udfs - ok
20:24:52.0336 3888 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
20:24:52.0352 3888 UI0Detect - ok
20:24:52.0414 3888 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:24:52.0430 3888 uliagpkx - ok
20:24:52.0524 3888 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
20:24:52.0570 3888 umbus - ok
20:24:52.0602 3888 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:24:52.0617 3888 UmPass - ok
20:24:52.0695 3888 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
20:24:52.0726 3888 UmRdpService - ok
20:24:53.0007 3888 UNS (9e89c2d6945389270de067ce51ff7425) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:24:53.0085 3888 UNS - ok
20:24:53.0304 3888 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
20:24:53.0350 3888 upnphost - ok
20:24:53.0428 3888 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
20:24:53.0475 3888 USBAAPL - ok
20:24:53.0506 3888 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys
20:24:53.0522 3888 usbccgp - ok
20:24:53.0709 3888 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
20:24:53.0756 3888 usbcir - ok
20:24:53.0834 3888 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys
20:24:53.0850 3888 usbehci - ok
20:24:54.0661 3888 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
20:24:54.0770 3888 usbhub - ok
20:24:54.0848 3888 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
20:24:54.0848 3888 usbohci - ok
20:24:54.0879 3888 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:24:54.0926 3888 usbprint - ok
20:24:54.0973 3888 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
20:24:54.0988 3888 usbscan - ok
20:24:55.0004 3888 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:24:55.0035 3888 USBSTOR - ok
20:24:55.0051 3888 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys
20:24:55.0066 3888 usbuhci - ok
20:24:55.0129 3888 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
20:24:55.0176 3888 usbvideo - ok
20:24:55.0191 3888 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
20:24:55.0207 3888 usb_rndisx - ok
20:24:55.0238 3888 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
20:24:55.0269 3888 UxSms - ok
20:24:55.0332 3888 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:24:55.0347 3888 VaultSvc - ok
20:24:55.0363 3888 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:24:55.0378 3888 vdrvroot - ok
20:24:55.0425 3888 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
20:24:55.0488 3888 vds - ok
20:24:55.0519 3888 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:24:55.0534 3888 vga - ok
20:24:55.0566 3888 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:24:55.0597 3888 VgaSave - ok
20:24:55.0722 3888 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
20:24:55.0737 3888 vhdmp - ok
20:24:55.0815 3888 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
20:24:55.0831 3888 viaagp - ok
20:24:55.0909 3888 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:24:55.0940 3888 ViaC7 - ok
20:24:55.0987 3888 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
20:24:55.0987 3888 viaide - ok
20:24:56.0112 3888 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
20:24:56.0143 3888 vmbus - ok
20:24:56.0143 3888 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
20:24:56.0158 3888 VMBusHID - ok
20:24:56.0205 3888 VNASC (405df0b2f8d0616353ecc829622d77ac) C:\Windows\system32\DRIVERS\vnasc.sys
20:24:56.0221 3888 VNASC - ok
20:24:56.0268 3888 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
20:24:56.0283 3888 volmgr - ok
20:24:56.0299 3888 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:24:56.0330 3888 volmgrx - ok
20:24:56.0346 3888 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
20:24:56.0361 3888 volsnap - ok
20:24:56.0439 3888 VPN-1 (002014fc59eee5e11bf7d6a555b11227) C:\Windows\System32\drivers\vpn.sys
20:24:56.0455 3888 VPN-1 - ok
20:24:56.0486 3888 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:24:56.0502 3888 vsmraid - ok
20:24:56.0782 3888 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
20:24:56.0829 3888 VSS - ok
20:24:56.0954 3888 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:24:57.0016 3888 vwifibus - ok
20:24:57.0048 3888 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:24:57.0094 3888 vwififlt - ok
20:24:57.0172 3888 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
20:24:57.0204 3888 vwifimp - ok
20:24:57.0328 3888 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
20:24:57.0360 3888 W32Time - ok
20:24:57.0406 3888 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:24:57.0422 3888 WacomPen - ok
20:24:57.0469 3888 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:57.0500 3888 WANARP - ok
20:24:57.0500 3888 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:57.0531 3888 Wanarpv6 - ok
20:24:57.0656 3888 WAS (a5ea12d6020709b1e7db7d5f00c46a86) C:\Windows\system32\inetsrv\iisw3adm.dll
20:24:57.0672 3888 WAS - ok
20:24:57.0937 3888 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
20:24:58.0015 3888 WatAdminSvc - ok
20:24:58.0592 3888 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
20:24:58.0717 3888 wbengine - ok
20:24:58.0732 3888 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
20:24:58.0748 3888 WbioSrvc - ok
20:24:58.0826 3888 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
20:24:58.0857 3888 wcncsvc - ok
20:24:58.0904 3888 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
20:24:58.0966 3888 WcsPlugInService - ok
20:24:59.0044 3888 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:24:59.0060 3888 Wd - ok
20:24:59.0091 3888 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:24:59.0122 3888 Wdf01000 - ok
20:24:59.0138 3888 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:24:59.0154 3888 WdiServiceHost - ok
20:24:59.0169 3888 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:24:59.0185 3888 WdiSystemHost - ok
20:24:59.0294 3888 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
20:24:59.0341 3888 WebClient - ok
20:24:59.0372 3888 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
20:24:59.0403 3888 Wecsvc - ok
20:24:59.0419 3888 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
20:24:59.0450 3888 wercplsupport - ok
20:24:59.0481 3888 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
20:24:59.0512 3888 WerSvc - ok
20:24:59.0544 3888 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:24:59.0575 3888 WfpLwf - ok
20:24:59.0606 3888 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:24:59.0622 3888 WIMMount - ok
20:24:59.0715 3888 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
20:24:59.0731 3888 WinDefend - ok
20:24:59.0746 3888 WinHttpAutoProxySvc - ok
20:24:59.0824 3888 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
20:24:59.0856 3888 Winmgmt - ok
20:24:59.0934 3888 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
20:24:59.0996 3888 WinRM - ok
20:25:00.0058 3888 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
20:25:00.0074 3888 WinUsb - ok
20:25:00.0136 3888 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
20:25:00.0183 3888 Wlansvc - ok
20:25:00.0261 3888 wltrysvc (7fff34ae69dfb80f7b190aba31e00610) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
20:25:00.0277 3888 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
20:25:00.0277 3888 wltrysvc - detected UnsignedFile.Multi.Generic (1)
20:25:00.0308 3888 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:25:00.0324 3888 WmiAcpi - ok
20:25:00.0386 3888 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
20:25:00.0402 3888 wmiApSrv - ok
20:25:00.0495 3888 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:25:00.0542 3888 WMPNetworkSvc - ok
20:25:00.0682 3888 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
20:25:00.0729 3888 WPCSvc - ok
20:25:00.0745 3888 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
20:25:00.0745 3888 WPDBusEnum - ok
20:25:00.0854 3888 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:25:00.0901 3888 ws2ifsl - ok
20:25:00.0932 3888 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
20:25:00.0948 3888 wscsvc - ok
20:25:01.0010 3888 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
20:25:01.0026 3888 WSDPrintDevice - ok
20:25:01.0057 3888 WSDScan (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys
20:25:01.0088 3888 WSDScan - ok
20:25:01.0104 3888 WSearch - ok
20:25:01.0213 3888 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:25:01.0260 3888 wuauserv - ok
20:25:02.0086 3888 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
20:25:02.0133 3888 WudfPf - ok
20:25:02.0476 3888 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:25:02.0508 3888 WUDFRd - ok
20:25:02.0648 3888 wudfsvc (f1fcb56102a8373ed86b6ff08fb17d67) C:\Windows\System32\WUDFSvc.dll
20:25:02.0726 3888 wudfsvc - ok
20:25:03.0022 3888 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
20:25:03.0085 3888 WwanSvc - ok
20:25:03.0241 3888 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:25:05.0050 3888 \Device\Harddisk0\DR0 - ok
20:25:05.0128 3888 Boot (0x1200) (e6f3f13999f4be88efba1d93b874507b) \Device\Harddisk0\DR0\Partition0
20:25:05.0128 3888 \Device\Harddisk0\DR0\Partition0 - ok
20:25:05.0160 3888 Boot (0x1200) (007dced352129e778a49d2aad7ee9167) \Device\Harddisk0\DR0\Partition1
20:25:05.0160 3888 \Device\Harddisk0\DR0\Partition1 - ok
20:25:05.0160 3888 Boot (0x1200) (fe239bcf2fb282cc1ec90bb216ec87f2) \Device\Harddisk0\DR0\Partition2
20:25:05.0160 3888 \Device\Harddisk0\DR0\Partition2 - ok
20:25:05.0191 3888 Boot (0x1200) (56fd26809b43cfedecce0a5a43006905) \Device\Harddisk0\DR0\Partition3
20:25:05.0222 3888 \Device\Harddisk0\DR0\Partition3 - ok
20:25:05.0222 3888 ============================================================
20:25:05.0222 3888 Scan finished
20:25:05.0222 3888 ============================================================
20:25:05.0222 3552 Detected object count: 22
20:25:05.0222 3552 Actual detected object count: 22
20:25:33.0053 3552 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552 CP_OMDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552 CP_OMDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552 de_serv ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552 de_serv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552 InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552 InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552 MCSWASVR ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552 MCSWASVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552 pnetmdm ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552 pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

Thanks, and see you then :daumenhoc
:pfui:

cosinus 09.08.2012 15:25

Please post the logs in CODE tags!!

mobspot 09.08.2012 16:26

Sorry:sleepy:

Code:

20:23:35.0521 0540        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:23:35.0537 0540        ============================================================
20:23:35.0537 0540        Current date / time: 2012/08/08 20:23:35.0537
20:23:35.0537 0540        SystemInfo:
20:23:35.0537 0540       
20:23:35.0537 0540        OS Version: 6.1.7600 ServicePack: 0.0
20:23:35.0537 0540        Product type: Workstation
20:23:35.0537 0540        ComputerName: BSLAP-PC
20:23:35.0537 0540        UserName: bslap
20:23:35.0537 0540        Windows directory: C:\Windows
20:23:35.0537 0540        System windows directory: C:\Windows
20:23:35.0537 0540        Processor architecture: Intel x86
20:23:35.0537 0540        Number of processors: 4
20:23:35.0537 0540        Page size: 0x1000
20:23:35.0537 0540        Boot type: Normal boot
20:23:35.0537 0540        ============================================================
20:23:38.0267 0540        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:23:38.0282 0540        ============================================================
20:23:38.0282 0540        \Device\Harddisk0\DR0:
20:23:38.0298 0540        MBR partitions:
20:23:38.0298 0540        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x12A3000
20:23:38.0298 0540        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12B7000, BlocksNum 0xDD19EE5
20:23:38.0313 0540        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEFD0F24, BlocksNum 0xA8A6AC1
20:23:38.0345 0540        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x19877A24, BlocksNum 0xBBB5C9D
20:23:38.0345 0540        ============================================================
20:23:38.0454 0540        Q: <-> \Device\Harddisk0\DR0\Partition3
20:23:38.0533 0540        C: <-> \Device\Harddisk0\DR0\Partition1
20:23:38.0626 0540        P: <-> \Device\Harddisk0\DR0\Partition2
20:23:38.0626 0540        ============================================================
20:23:38.0626 0540        Initialize success
20:23:38.0626 0540        ============================================================
20:24:18.0484 3888        ============================================================
20:24:18.0484 3888        Scan started
20:24:18.0484 3888        Mode: Manual; SigCheck; TDLFS;
20:24:18.0484 3888        ============================================================
20:24:19.0186 3888        1394ohci        (bf02f806c873abb04b197161e8e5a316) C:\Windows\system32\DRIVERS\1394ohci.sys
20:24:19.0264 3888        1394ohci - ok
20:24:19.0296 3888        Acceler        (3c189400c996a4301c3f1bd93c9c1a17) C:\Windows\system32\DRIVERS\Acceler.sys
20:24:19.0311 3888        Acceler - ok
20:24:19.0342 3888        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
20:24:19.0358 3888        ACPI - ok
20:24:19.0374 3888        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
20:24:19.0436 3888        AcpiPmi - ok
20:24:19.0498 3888        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:24:19.0514 3888        adp94xx - ok
20:24:19.0530 3888        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:24:19.0561 3888        adpahci - ok
20:24:19.0576 3888        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:24:19.0576 3888        adpu320 - ok
20:24:19.0623 3888        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
20:24:19.0654 3888        AeLookupSvc - ok
20:24:19.0748 3888        AESTFilters    (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
20:24:19.0795 3888        AESTFilters - ok
20:24:19.0888 3888        AFD            (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
20:24:19.0935 3888        AFD - ok
20:24:19.0966 3888        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
20:24:19.0982 3888        agp440 - ok
20:24:20.0029 3888        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:24:20.0044 3888        aic78xx - ok
20:24:20.0076 3888        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
20:24:20.0107 3888        ALG - ok
20:24:20.0138 3888        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
20:24:20.0154 3888        aliide - ok
20:24:20.0154 3888        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
20:24:20.0169 3888        amdagp - ok
20:24:20.0169 3888        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
20:24:20.0185 3888        amdide - ok
20:24:20.0200 3888        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:24:20.0232 3888        AmdK8 - ok
20:24:20.0247 3888        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:24:20.0263 3888        AmdPPM - ok
20:24:20.0310 3888        amdsata        (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
20:24:20.0325 3888        amdsata - ok
20:24:20.0356 3888        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:24:20.0372 3888        amdsbs - ok
20:24:20.0403 3888        amdxata        (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
20:24:20.0403 3888        amdxata - ok
20:24:20.0559 3888        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:24:20.0575 3888        AntiVirSchedulerService - ok
20:24:20.0622 3888        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:24:20.0637 3888        AntiVirService - ok
20:24:20.0715 3888        AppHostSvc      (ba494509ccd115197450f3ce5b76d7cc) C:\Windows\system32\inetsrv\apphostsvc.dll
20:24:20.0762 3888        AppHostSvc - ok
20:24:20.0778 3888        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
20:24:20.0840 3888        AppID - ok
20:24:20.0887 3888        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
20:24:20.0996 3888        AppIDSvc - ok
20:24:21.0012 3888        Appinfo        (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
20:24:21.0043 3888        Appinfo - ok
20:24:21.0199 3888        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:24:21.0214 3888        Apple Mobile Device - ok
20:24:21.0246 3888        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
20:24:21.0261 3888        AppMgmt - ok
20:24:21.0292 3888        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:24:21.0308 3888        arc - ok
20:24:21.0324 3888        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:24:21.0339 3888        arcsas - ok
20:24:21.0433 3888        ASPI            (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
20:24:21.0448 3888        ASPI ( UnsignedFile.Multi.Generic ) - warning
20:24:21.0448 3888        ASPI - detected UnsignedFile.Multi.Generic (1)
20:24:21.0464 3888        ASPI32          (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\system32\drivers\ASPI32.sys
20:24:21.0464 3888        ASPI32 ( UnsignedFile.Multi.Generic ) - warning
20:24:21.0464 3888        ASPI32 - detected UnsignedFile.Multi.Generic (1)
20:24:21.0558 3888        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:24:21.0636 3888        aspnet_state - ok
20:24:21.0667 3888        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:24:21.0714 3888        AsyncMac - ok
20:24:21.0760 3888        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
20:24:21.0776 3888        atapi - ok
20:24:21.0823 3888        AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
20:24:21.0885 3888        AudioEndpointBuilder - ok
20:24:21.0885 3888        Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
20:24:21.0932 3888        Audiosrv - ok
20:24:22.0010 3888        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
20:24:22.0026 3888        avgntflt - ok
20:24:22.0088 3888        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
20:24:22.0104 3888        avipbb - ok
20:24:22.0135 3888        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:24:22.0150 3888        avkmgr - ok
20:24:22.0244 3888        AVM IGD CTRL Service (6345d23c4e69e35f3d70169153b5d048) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
20:24:22.0275 3888        AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - warning
20:24:22.0275 3888        AVM IGD CTRL Service - detected UnsignedFile.Multi.Generic (1)
20:24:22.0322 3888        AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
20:24:22.0369 3888        AxInstSV - ok
20:24:22.0416 3888        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:24:22.0462 3888        b06bdrv - ok
20:24:22.0494 3888        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:24:22.0525 3888        b57nd60x - ok
20:24:22.0618 3888        BBSvc          (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
20:24:22.0634 3888        BBSvc - ok
20:24:22.0665 3888        BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
20:24:22.0681 3888        BBUpdate - ok
20:24:22.0712 3888        BCM42RLY        (94f2dc372163d520d7b1dad78ae40b5e) C:\Windows\system32\drivers\BCM42RLY.sys
20:24:22.0728 3888        BCM42RLY - ok
20:24:22.0868 3888        BCM43XX        (f689c5965cefad780a2948546703bd5d) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:24:22.0915 3888        BCM43XX - ok
20:24:23.0055 3888        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
20:24:23.0071 3888        BDESVC - ok
20:24:23.0118 3888        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:24:23.0164 3888        Beep - ok
20:24:23.0211 3888        BFE            (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
20:24:23.0274 3888        BFE - ok
20:24:23.0320 3888        BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
20:24:23.0383 3888        BITS - ok
20:24:23.0414 3888        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:24:23.0430 3888        blbdrive - ok
20:24:23.0508 3888        BMLoad          (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys
20:24:23.0508 3888        BMLoad ( UnsignedFile.Multi.Generic ) - warning
20:24:23.0508 3888        BMLoad - detected UnsignedFile.Multi.Generic (1)
20:24:23.0648 3888        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:24:23.0664 3888        Bonjour Service - ok
20:24:23.0710 3888        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
20:24:23.0742 3888        bowser - ok
20:24:23.0757 3888        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:24:23.0804 3888        BrFiltLo - ok
20:24:23.0820 3888        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:24:23.0851 3888        BrFiltUp - ok
20:24:23.0898 3888        Browser        (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
20:24:23.0929 3888        Browser - ok
20:24:23.0976 3888        BrSerIb        (08c7e41ff10f56e83b4f10b5e8b1e8b6) C:\Windows\system32\DRIVERS\BrSerIb.sys
20:24:24.0022 3888        BrSerIb - ok
20:24:24.0038 3888        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:24:24.0085 3888        Brserid - ok
20:24:24.0100 3888        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:24:24.0132 3888        BrSerWdm - ok
20:24:24.0147 3888        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:24:24.0178 3888        BrUsbMdm - ok
20:24:24.0210 3888        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:24:24.0241 3888        BrUsbSer - ok
20:24:24.0256 3888        BrUsbSIb        (2132a117160f2a96a13c044ae9bced91) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
20:24:24.0272 3888        BrUsbSIb - ok
20:24:24.0303 3888        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
20:24:24.0350 3888        BthEnum - ok
20:24:24.0366 3888        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:24:24.0397 3888        BTHMODEM - ok
20:24:24.0412 3888        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
20:24:24.0444 3888        BthPan - ok
20:24:24.0475 3888        BTHPORT        (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
20:24:24.0506 3888        BTHPORT - ok
20:24:24.0537 3888        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
20:24:24.0568 3888        bthserv - ok
20:24:24.0568 3888        BTHUSB          (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
20:24:24.0600 3888        BTHUSB - ok
20:24:24.0631 3888        btwaudio        (7e826be3b3558208d5c9b00034e51be5) C:\Windows\system32\drivers\btwaudio.sys
20:24:24.0646 3888        btwaudio - ok
20:24:24.0662 3888        btwavdt        (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\DRIVERS\btwavdt.sys
20:24:24.0662 3888        btwavdt - ok
20:24:24.0787 3888        btwdins        (45f36763576b8ae91e809337dc7ce4e6) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:24:24.0802 3888        btwdins - ok
20:24:24.0818 3888        btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:24:24.0818 3888        btwl2cap - ok
20:24:24.0834 3888        btwrchid        (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
20:24:24.0849 3888        btwrchid - ok
20:24:24.0912 3888        cbfs3          (afab1d4cab04218cbab0ae69625d0d65) C:\Windows\system32\drivers\cbfs3.sys
20:24:24.0927 3888        cbfs3 - ok
20:24:24.0974 3888        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:24:25.0021 3888        cdfs - ok
20:24:25.0052 3888        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
20:24:25.0068 3888        cdrom - ok
20:24:25.0114 3888        CertPropSvc    (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
20:24:25.0146 3888        CertPropSvc - ok
20:24:25.0177 3888        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:24:25.0192 3888        circlass - ok
20:24:25.0224 3888        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:24:25.0239 3888        CLFS - ok
20:24:25.0317 3888        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:24:25.0317 3888        clr_optimization_v2.0.50727_32 - ok
20:24:25.0395 3888        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:24:25.0473 3888        clr_optimization_v4.0.30319_32 - ok
20:24:25.0520 3888        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:24:25.0536 3888        CmBatt - ok
20:24:25.0536 3888        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
20:24:25.0551 3888        cmdide - ok
20:24:25.0598 3888        CNG            (db5e008b3744dd60c8498cbbf2a1cfa6) C:\Windows\system32\Drivers\cng.sys
20:24:25.0645 3888        CNG - ok
20:24:25.0660 3888        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:24:25.0660 3888        Compbatt - ok
20:24:25.0707 3888        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:24:25.0723 3888        CompositeBus - ok
20:24:25.0738 3888        COMSysApp - ok
20:24:25.0785 3888        CP_OMDRV        (a690ebaffffb0d46e2a39f105b61e92f) C:\Windows\system32\drivers\omdrv.sys
20:24:25.0801 3888        CP_OMDRV ( UnsignedFile.Multi.Generic ) - warning
20:24:25.0801 3888        CP_OMDRV - detected UnsignedFile.Multi.Generic (1)
20:24:25.0832 3888        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:24:25.0848 3888        crcdisk - ok
20:24:25.0894 3888        CryptSvc        (520a108a2657f4bca7fced9ca7d885de) C:\Windows\system32\cryptsvc.dll
20:24:25.0926 3888        CryptSvc - ok
20:24:25.0972 3888        CSC            (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
20:24:26.0019 3888        CSC - ok
20:24:26.0050 3888        CscService      (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
20:24:26.0082 3888        CscService - ok
20:24:26.0113 3888        CtAudDrv        (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys
20:24:26.0160 3888        CtAudDrv - ok
20:24:26.0191 3888        CtClsFlt        (9a6ca307151505730dbfc91d97f01c7e) C:\Windows\system32\DRIVERS\CtClsFlt.sys
20:24:26.0206 3888        CtClsFlt - ok
20:24:26.0269 3888        DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
20:24:26.0316 3888        DcomLaunch - ok
20:24:26.0347 3888        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
20:24:26.0394 3888        defragsvc - ok
20:24:26.0503 3888        de_serv        (3946a70bd9d2c758bbea429c7d0f7ca0) C:\Program Files\Common Files\AVM\de_serv.exe
20:24:26.0534 3888        de_serv ( UnsignedFile.Multi.Generic ) - warning
20:24:26.0534 3888        de_serv - detected UnsignedFile.Multi.Generic (1)
20:24:26.0581 3888        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
20:24:26.0628 3888        DfsC - ok
20:24:26.0674 3888        Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
20:24:26.0706 3888        Dhcp - ok
20:24:26.0737 3888        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:24:26.0784 3888        discache - ok
20:24:26.0815 3888        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:24:26.0830 3888        Disk - ok
20:24:26.0862 3888        Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
20:24:26.0893 3888        Dnscache - ok
20:24:26.0908 3888        dot3svc        (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
20:24:26.0955 3888        dot3svc - ok
20:24:27.0049 3888        Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
20:24:27.0064 3888        Dot4 - ok
20:24:27.0096 3888        Dot4Print      (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:24:27.0127 3888        Dot4Print - ok
20:24:27.0142 3888        dot4usb        (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
20:24:27.0174 3888        dot4usb - ok
20:24:27.0205 3888        DPS            (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
20:24:27.0252 3888        DPS - ok
20:24:27.0298 3888        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:24:27.0330 3888        drmkaud - ok
20:24:27.0376 3888        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
20:24:27.0408 3888        DXGKrnl - ok
20:24:27.0439 3888        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
20:24:27.0470 3888        EapHost - ok
20:24:27.0642 3888        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:24:27.0704 3888        ebdrv - ok
20:24:27.0813 3888        EFS            (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
20:24:27.0860 3888        EFS - ok
20:24:27.0954 3888        ehRecvr        (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
20:24:28.0000 3888        ehRecvr - ok
20:24:28.0032 3888        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
20:24:28.0078 3888        ehSched - ok
20:24:28.0156 3888        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:24:28.0172 3888        elxstor - ok
20:24:28.0203 3888        epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
20:24:28.0234 3888        epmntdrv ( UnsignedFile.Multi.Generic ) - warning
20:24:28.0234 3888        epmntdrv - detected UnsignedFile.Multi.Generic (1)
20:24:28.0250 3888        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
20:24:28.0281 3888        ErrDev - ok
20:24:28.0312 3888        EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
20:24:28.0328 3888        EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
20:24:28.0328 3888        EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
20:24:28.0375 3888        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
20:24:28.0406 3888        EventSystem - ok
20:24:28.0453 3888        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:24:28.0484 3888        exfat - ok
20:24:28.0500 3888        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:24:28.0531 3888        fastfat - ok
20:24:28.0578 3888        Fax            (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
20:24:28.0624 3888        Fax - ok
20:24:28.0640 3888        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:24:28.0671 3888        fdc - ok
20:24:28.0687 3888        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
20:24:28.0734 3888        fdPHost - ok
20:24:28.0749 3888        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
20:24:28.0780 3888        FDResPub - ok
20:24:28.0780 3888        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:24:28.0796 3888        FileInfo - ok
20:24:28.0812 3888        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:24:28.0843 3888        Filetrace - ok
20:24:28.0843 3888        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:24:28.0874 3888        flpydisk - ok
20:24:28.0921 3888        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:24:28.0936 3888        FltMgr - ok
20:24:28.0999 3888        FontCache      (151258fc2ec8c48bdf8a53350ae0a676) C:\Windows\system32\FntCache.dll
20:24:29.0046 3888        FontCache - ok
20:24:29.0139 3888        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:24:29.0139 3888        FontCache3.0.0.0 - ok
20:24:29.0170 3888        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:24:29.0170 3888        FsDepends - ok
20:24:29.0202 3888        Fs_Rec          (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
20:24:29.0217 3888        Fs_Rec - ok
20:24:29.0233 3888        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
20:24:29.0264 3888        fvevol - ok
20:24:29.0404 3888        FW1            (6c55e8e5ee49c504da31df7652a70375) C:\Windows\system32\DRIVERS\fw.sys
20:24:29.0451 3888        FW1 - ok
20:24:29.0560 3888        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:24:29.0576 3888        gagp30kx - ok
20:24:29.0623 3888        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:24:29.0638 3888        GEARAspiWDM - ok
20:24:29.0685 3888        gpsvc          (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
20:24:29.0732 3888        gpsvc - ok
20:24:29.0857 3888        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:24:29.0857 3888        gupdate - ok
20:24:29.0872 3888        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:24:29.0888 3888        gupdatem - ok
20:24:29.0919 3888        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:24:29.0950 3888        hcw85cir - ok
20:24:29.0982 3888        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:24:29.0997 3888        HDAudBus - ok
20:24:30.0028 3888        HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
20:24:30.0106 3888        HECI - ok
20:24:30.0106 3888        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:24:30.0138 3888        HidBatt - ok
20:24:30.0169 3888        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:24:30.0200 3888        HidBth - ok
20:24:30.0216 3888        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:24:30.0247 3888        HidIr - ok
20:24:30.0294 3888        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
20:24:30.0325 3888        hidserv - ok
20:24:30.0372 3888        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
20:24:30.0387 3888        HidUsb - ok
20:24:30.0403 3888        hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
20:24:30.0434 3888        hkmsvc - ok
20:24:30.0465 3888        HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
20:24:30.0496 3888        HomeGroupListener - ok
20:24:30.0528 3888        HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
20:24:30.0559 3888        HomeGroupProvider - ok
20:24:30.0684 3888        hpqcxs08        (08457d8f8149757c70cea59c71ec5d27) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:24:30.0699 3888        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
20:24:30.0699 3888        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
20:24:30.0730 3888        hpqddsvc        (75cc8c5146a3fb76221a7606628778d5) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:24:30.0730 3888        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
20:24:30.0730 3888        hpqddsvc - detected UnsignedFile.Multi.Generic (1)
20:24:30.0980 3888        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:24:30.0996 3888        HpSAMD - ok
20:24:32.0322 3888        HPSLPSVC        (83db5dd8be71cba5447fbd7a48fdbeda) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
20:24:32.0400 3888        HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
20:24:32.0400 3888        HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
20:24:32.0509 3888        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
20:24:32.0571 3888        HTTP - ok
20:24:32.0712 3888        hwdatacard      (988c0a49f09d75d3341cb419141793c1) C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:24:32.0727 3888        hwdatacard - ok
20:24:32.0743 3888        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
20:24:32.0758 3888        hwpolicy - ok
20:24:32.0821 3888        hwusbdev        (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys
20:24:32.0868 3888        hwusbdev - ok
20:24:32.0977 3888        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
20:24:33.0024 3888        i8042prt - ok
20:24:33.0086 3888        iaStor          (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
20:24:33.0102 3888        iaStor - ok
20:24:33.0180 3888        iaStorV        (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
20:24:33.0195 3888        iaStorV - ok
20:24:33.0304 3888        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:24:33.0336 3888        IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:24:33.0336 3888        IDriverT - detected UnsignedFile.Multi.Generic (1)
20:24:33.0476 3888        idsvc          (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:24:33.0492 3888        idsvc - ok
20:24:34.0038 3888        igfx            (59fa038451070172e47d0cd347f32bc4) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:24:34.0272 3888        igfx - ok
20:24:34.0412 3888        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:24:34.0428 3888        iirsp - ok
20:24:34.0474 3888        IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
20:24:34.0521 3888        IKEEXT - ok
20:24:34.0599 3888        Impcd          (2db41ba61d5e44d0667cf126d35dcf34) C:\Windows\system32\DRIVERS\Impcd.sys
20:24:34.0615 3888        Impcd - ok
20:24:34.0755 3888        InstallFilterService (36944f997af08dd85985acbd17e8eda5) C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
20:24:34.0771 3888        InstallFilterService ( UnsignedFile.Multi.Generic ) - warning
20:24:34.0771 3888        InstallFilterService - detected UnsignedFile.Multi.Generic (1)
20:24:34.0864 3888        IntcDAud        (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:24:34.0927 3888        IntcDAud - ok
20:24:34.0974 3888        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
20:24:34.0989 3888        intelide - ok
20:24:35.0052 3888        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:24:35.0098 3888        intelppm - ok
20:24:35.0145 3888        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
20:24:35.0208 3888        IPBusEnum - ok
20:24:35.0239 3888        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:24:35.0270 3888        IpFilterDriver - ok
20:24:35.0317 3888        iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
20:24:35.0364 3888        iphlpsvc - ok
20:24:35.0379 3888        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:24:35.0395 3888        IPMIDRV - ok
20:24:35.0426 3888        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:24:35.0473 3888        IPNAT - ok
20:24:35.0629 3888        iPod Service    (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
20:24:35.0644 3888        iPod Service - ok
20:24:35.0676 3888        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:24:35.0691 3888        IRENUM - ok
20:24:35.0691 3888        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
20:24:35.0707 3888        isapnp - ok
20:24:35.0722 3888        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
20:24:35.0738 3888        iScsiPrt - ok
20:24:35.0785 3888        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:24:35.0800 3888        kbdclass - ok
20:24:35.0816 3888        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
20:24:35.0847 3888        kbdhid - ok
20:24:35.0878 3888        KeyIso          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:24:35.0894 3888        KeyIso - ok
20:24:35.0925 3888        KSecDD          (52fc17c8589f11747d01d3cf592673d0) C:\Windows\system32\Drivers\ksecdd.sys
20:24:35.0941 3888        KSecDD - ok
20:24:35.0956 3888        KSecPkg        (3e5474b03568cfab834da3c38e8c9efa) C:\Windows\system32\Drivers\ksecpkg.sys
20:24:35.0972 3888        KSecPkg - ok
20:24:36.0003 3888        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
20:24:36.0050 3888        KtmRm - ok
20:24:36.0081 3888        LanmanServer    (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
20:24:36.0112 3888        LanmanServer - ok
20:24:36.0144 3888        LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
20:24:36.0175 3888        LanmanWorkstation - ok
20:24:36.0222 3888        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:24:36.0268 3888        lltdio - ok
20:24:36.0300 3888        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
20:24:36.0331 3888        lltdsvc - ok
20:24:36.0346 3888        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
20:24:36.0393 3888        lmhosts - ok
20:24:36.0518 3888        LMS            (5460828f8951d310b42b442877603b8d) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:24:36.0534 3888        LMS - ok
20:24:36.0565 3888        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:24:36.0596 3888        LSI_FC - ok
20:24:36.0643 3888        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:24:36.0658 3888        LSI_SAS - ok
20:24:36.0674 3888        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:24:36.0690 3888        LSI_SAS2 - ok
20:24:36.0705 3888        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:24:36.0721 3888        LSI_SCSI - ok
20:24:36.0736 3888        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:24:36.0768 3888        luafv - ok
20:24:36.0846 3888        MCSWASVR        (92063c0ac741ad5da57ce564e5913bf5) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
20:24:36.0861 3888        MCSWASVR ( UnsignedFile.Multi.Generic ) - warning
20:24:36.0861 3888        MCSWASVR - detected UnsignedFile.Multi.Generic (1)
20:24:36.0877 3888        Mcx2Svc        (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
20:24:36.0892 3888        Mcx2Svc - ok
20:24:37.0017 3888        MDM            (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
20:24:37.0033 3888        MDM ( UnsignedFile.Multi.Generic ) - warning
20:24:37.0033 3888        MDM - detected UnsignedFile.Multi.Generic (1)
20:24:37.0064 3888        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:24:37.0064 3888        megasas - ok
20:24:37.0111 3888        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:24:37.0126 3888        MegaSR - ok
20:24:37.0142 3888        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:24:37.0173 3888        MMCSS - ok
20:24:37.0189 3888        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:24:37.0220 3888        Modem - ok
20:24:37.0251 3888        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:24:37.0282 3888        monitor - ok
20:24:37.0298 3888        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:24:37.0314 3888        mouclass - ok
20:24:37.0314 3888        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:24:37.0329 3888        mouhid - ok
20:24:37.0345 3888        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
20:24:37.0360 3888        mountmgr - ok
20:24:37.0376 3888        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
20:24:37.0392 3888        mpio - ok
20:24:37.0407 3888        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:24:37.0438 3888        mpsdrv - ok
20:24:37.0485 3888        MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
20:24:37.0532 3888        MpsSvc - ok
20:24:37.0548 3888        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
20:24:37.0563 3888        MRxDAV - ok
20:24:37.0626 3888        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:24:37.0672 3888        mrxsmb - ok
20:24:37.0704 3888        mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:24:37.0750 3888        mrxsmb10 - ok
20:24:37.0766 3888        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:24:37.0782 3888        mrxsmb20 - ok
20:24:37.0797 3888        msahci          (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
20:24:37.0813 3888        msahci - ok
20:24:37.0828 3888        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
20:24:37.0844 3888        msdsm - ok
20:24:37.0875 3888        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
20:24:37.0906 3888        MSDTC - ok
20:24:37.0938 3888        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:24:37.0969 3888        Msfs - ok
20:24:37.0984 3888        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:24:38.0016 3888        mshidkmdf - ok
20:24:38.0047 3888        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
20:24:38.0047 3888        msisadrv - ok
20:24:38.0094 3888        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
20:24:38.0125 3888        MSiSCSI - ok
20:24:38.0125 3888        msiserver - ok
20:24:38.0140 3888        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:24:38.0187 3888        MSKSSRV - ok
20:24:38.0203 3888        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:24:38.0250 3888        MSPCLOCK - ok
20:24:38.0250 3888        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:24:38.0281 3888        MSPQM - ok
20:24:38.0296 3888        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:24:38.0312 3888        MsRPC - ok
20:24:38.0328 3888        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
20:24:38.0343 3888        mssmbios - ok
20:24:38.0468 3888        MSSQL$SQLEXPRESS - ok
20:24:38.0562 3888        MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:24:38.0577 3888        MSSQLServerADHelper100 - ok
20:24:38.0608 3888        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:24:38.0624 3888        MSTEE - ok
20:24:38.0655 3888        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:24:38.0686 3888        MTConfig - ok
20:24:38.0702 3888        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:24:38.0718 3888        Mup - ok
20:24:38.0749 3888        napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
20:24:38.0796 3888        napagent - ok
20:24:38.0827 3888        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:24:38.0858 3888        NativeWifiP - ok
20:24:38.0967 3888        NBService      (8baa0e43bc0267a462068fb3b3388da0) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
20:24:38.0998 3888        NBService - ok
20:24:39.0045 3888        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
20:24:39.0076 3888        NDIS - ok
20:24:39.0076 3888        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:24:39.0123 3888        NdisCap - ok
20:24:39.0139 3888        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:24:39.0186 3888        NdisTapi - ok
20:24:39.0217 3888        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
20:24:39.0248 3888        Ndisuio - ok
20:24:39.0264 3888        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
20:24:39.0295 3888        NdisWan - ok
20:24:39.0310 3888        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
20:24:39.0342 3888        NDProxy - ok
20:24:39.0404 3888        Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
20:24:39.0404 3888        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:24:39.0404 3888        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:24:39.0466 3888        Netaapl        (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
20:24:39.0498 3888        Netaapl - ok
20:24:39.0529 3888        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:24:39.0576 3888        NetBIOS - ok
20:24:39.0622 3888        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
20:24:39.0654 3888        NetBT - ok
20:24:39.0685 3888        Netlogon        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:24:39.0700 3888        Netlogon - ok
20:24:39.0747 3888        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
20:24:39.0810 3888        Netman - ok
20:24:39.0919 3888        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:24:39.0950 3888        NetMsmqActivator - ok
20:24:39.0966 3888        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:24:39.0966 3888        NetPipeActivator - ok
20:24:39.0997 3888        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
20:24:40.0044 3888        netprofm - ok
20:24:40.0075 3888        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:24:40.0090 3888        NetTcpActivator - ok
20:24:40.0090 3888        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:24:40.0090 3888        NetTcpPortSharing - ok
20:24:40.0122 3888        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:24:40.0137 3888        nfrd960 - ok
20:24:40.0184 3888        NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
20:24:40.0215 3888        NlaSvc - ok
20:24:40.0356 3888        NMIndexingService (0b77d0d881931da8a067b3214384d0ca) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
20:24:40.0356 3888        NMIndexingService - ok
20:24:40.0387 3888        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:24:40.0434 3888        Npfs - ok
20:24:40.0434 3888        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
20:24:40.0465 3888        nsi - ok
20:24:40.0480 3888        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:24:40.0512 3888        nsiproxy - ok
20:24:40.0590 3888        Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
20:24:40.0621 3888        Ntfs - ok
20:24:40.0746 3888        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:24:40.0792 3888        Null - ok
20:24:40.0808 3888        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
20:24:40.0824 3888        nvraid - ok
20:24:40.0855 3888        nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
20:24:40.0855 3888        nvstor - ok
20:24:40.0870 3888        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
20:24:40.0886 3888        nv_agp - ok
20:24:41.0011 3888        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:24:41.0042 3888        odserv - ok
20:24:41.0058 3888        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
20:24:41.0104 3888        ohci1394 - ok
20:24:41.0151 3888        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:24:41.0167 3888        ose - ok
20:24:41.0198 3888        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:24:41.0229 3888        p2pimsvc - ok
20:24:41.0260 3888        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
20:24:41.0292 3888        p2psvc - ok
20:24:41.0307 3888        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:24:41.0338 3888        Parport - ok
20:24:41.0354 3888        partmgr        (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
20:24:41.0370 3888        partmgr - ok
20:24:41.0401 3888        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:24:41.0432 3888        Parvdm - ok
20:24:41.0448 3888        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
20:24:41.0463 3888        PcaSvc - ok
20:24:41.0494 3888        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
20:24:41.0510 3888        pci - ok
20:24:41.0526 3888        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
20:24:41.0541 3888        pciide - ok
20:24:41.0557 3888        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:24:41.0572 3888        pcmcia - ok
20:24:41.0588 3888        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:24:41.0604 3888        pcw - ok
20:24:41.0728 3888        PDFProFiltSrv  (abb10afe110b413cfbcc35fbd3970989) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
20:24:41.0744 3888        PDFProFiltSrv - ok
20:24:41.0791 3888        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:24:41.0853 3888        PEAUTH - ok
20:24:41.0916 3888        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
20:24:41.0947 3888        PeerDistSvc - ok
20:24:42.0040 3888        pla            (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
20:24:42.0118 3888        pla - ok
20:24:42.0259 3888        PLFlash DeviceIoControl Service (d597e8d5c35cc41d76de5dd6eda2afa1) C:\Windows\system32\IoctlSvc.exe
20:24:42.0259 3888        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
20:24:42.0259 3888        PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
20:24:42.0321 3888        PlugPlay        (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
20:24:42.0352 3888        PlugPlay - ok
20:24:42.0415 3888        Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
20:24:42.0430 3888        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:24:42.0430 3888        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:24:42.0508 3888        pnetmdm        (da19e3401f39c10df193be029c7e7bba) C:\Windows\system32\DRIVERS\pnetmdm.sys
20:24:42.0524 3888        pnetmdm ( UnsignedFile.Multi.Generic ) - warning
20:24:42.0524 3888        pnetmdm - detected UnsignedFile.Multi.Generic (1)
20:24:42.0602 3888        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
20:24:42.0618 3888        PNRPAutoReg - ok
20:24:42.0649 3888        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:24:42.0664 3888        PNRPsvc - ok
20:24:42.0711 3888        PolicyAgent    (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
20:24:42.0758 3888        PolicyAgent - ok
20:24:42.0789 3888        Power          (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
20:24:42.0820 3888        Power - ok
20:24:42.0852 3888        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:24:42.0883 3888        PptpMiniport - ok
20:24:42.0898 3888        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:24:42.0914 3888        Processor - ok
20:24:42.0976 3888        ProfSvc        (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll
20:24:43.0008 3888        ProfSvc - ok
20:24:43.0039 3888        ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:24:43.0054 3888        ProtectedStorage - ok
20:24:43.0086 3888        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:24:43.0117 3888        Psched - ok
20:24:43.0179 3888        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:24:43.0226 3888        ql2300 - ok
20:24:43.0335 3888        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:24:43.0351 3888        ql40xx - ok
20:24:43.0382 3888        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
20:24:43.0413 3888        QWAVE - ok
20:24:43.0444 3888        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:24:43.0460 3888        QWAVEdrv - ok
20:24:43.0460 3888        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:24:43.0522 3888        RasAcd - ok
20:24:43.0538 3888        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:24:43.0585 3888        RasAgileVpn - ok
20:24:43.0600 3888        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
20:24:43.0632 3888        RasAuto - ok
20:24:43.0647 3888        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:24:43.0694 3888        Rasl2tp - ok
20:24:43.0741 3888        RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
20:24:43.0772 3888        RasMan - ok
20:24:43.0788 3888        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:43.0819 3888        RasPppoe - ok
20:24:43.0834 3888        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:24:43.0866 3888        RasSstp - ok
20:24:43.0881 3888        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
20:24:43.0944 3888        rdbss - ok
20:24:43.0959 3888        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:24:43.0975 3888        rdpbus - ok
20:24:44.0006 3888        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:44.0022 3888        RDPCDD - ok
20:24:44.0053 3888        RDPDR          (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
20:24:44.0100 3888        RDPDR - ok
20:24:44.0115 3888        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:24:44.0146 3888        RDPENCDD - ok
20:24:44.0162 3888        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:24:44.0178 3888        RDPREFMP - ok
20:24:44.0240 3888        RDPWD          (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys
20:24:44.0271 3888        RDPWD - ok
20:24:44.0302 3888        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
20:24:44.0318 3888        rdyboost - ok
20:24:44.0349 3888        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
20:24:44.0396 3888        RemoteAccess - ok
20:24:44.0427 3888        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
20:24:44.0458 3888        RemoteRegistry - ok
20:24:44.0490 3888        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
20:24:44.0521 3888        RFCOMM - ok
20:24:44.0536 3888        RimUsb - ok
20:24:44.0583 3888        RimVSerPort    (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
20:24:44.0599 3888        RimVSerPort - ok
20:24:44.0614 3888        ROOTMODEM      (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
20:24:44.0646 3888        ROOTMODEM - ok
20:24:44.0677 3888        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
20:24:44.0708 3888        RpcEptMapper - ok
20:24:44.0724 3888        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
20:24:44.0755 3888        RpcLocator - ok
20:24:44.0802 3888        RpcSs          (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
20:24:44.0833 3888        RpcSs - ok
20:24:44.0895 3888        RsFx0105        (6a7360e36cbd636972aeef0dd292a946) C:\Windows\system32\DRIVERS\RsFx0105.sys
20:24:44.0911 3888        RsFx0105 - ok
20:24:44.0926 3888        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:24:44.0973 3888        rspndr - ok
20:24:45.0020 3888        RSUSBSTOR      (31d45eca63884ff5f7aecc50f7d1bae0) C:\Windows\system32\Drivers\RtsUStor.sys
20:24:45.0036 3888        RSUSBSTOR - ok
20:24:45.0067 3888        RTL8167        (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
20:24:45.0082 3888        RTL8167 - ok
20:24:45.0098 3888        s3cap          (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
20:24:45.0114 3888        s3cap - ok
20:24:45.0145 3888        SamSs          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:24:45.0160 3888        SamSs - ok
20:24:45.0192 3888        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
20:24:45.0207 3888        sbp2port - ok
20:24:45.0238 3888        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
20:24:45.0285 3888        SCardSvr - ok
20:24:45.0301 3888        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
20:24:45.0332 3888        scfilter - ok
20:24:45.0441 3888        Schedule        (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
20:24:45.0504 3888        Schedule - ok
20:24:45.0535 3888        SCPolicySvc    (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
20:24:45.0566 3888        SCPolicySvc - ok
20:24:45.0628 3888        SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
20:24:45.0660 3888        SDRSVC - ok
20:24:45.0816 3888        SearchAnonymizer (0f4a80438e7286a0e623582f5f2395bd) C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
20:24:45.0816 3888        SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
20:24:45.0816 3888        SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
20:24:45.0847 3888        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:24:45.0894 3888        secdrv - ok
20:24:45.0925 3888        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
20:24:45.0972 3888        seclogon - ok
20:24:46.0003 3888        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
20:24:46.0050 3888        SENS - ok
20:24:46.0065 3888        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
20:24:46.0112 3888        SensrSvc - ok
20:24:46.0159 3888        Sentinel        (a2cc81c30bef6ac9f27055490eef6de3) C:\Windows\System32\Drivers\SENTINEL.SYS
20:24:46.0174 3888        Sentinel - ok
20:24:46.0190 3888        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:24:46.0206 3888        Serenum - ok
20:24:46.0221 3888        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:24:46.0252 3888        Serial - ok
20:24:46.0284 3888        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:24:46.0284 3888        sermouse - ok
20:24:46.0315 3888        SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
20:24:46.0346 3888        SessionEnv - ok
20:24:46.0362 3888        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
20:24:46.0408 3888        sffdisk - ok
20:24:46.0424 3888        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:24:46.0455 3888        sffp_mmc - ok
20:24:46.0455 3888        sffp_sd        (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:24:46.0486 3888        sffp_sd - ok
20:24:46.0486 3888        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:24:46.0502 3888        sfloppy - ok
20:24:46.0549 3888        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
20:24:46.0596 3888        SharedAccess - ok
20:24:46.0627 3888        ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
20:24:46.0658 3888        ShellHWDetection - ok
20:24:46.0674 3888        simptcp        (f5aaa8cdda25b6387af590d676d25bad) C:\Windows\System32\tcpsvcs.exe
20:24:46.0674 3888        simptcp - ok
20:24:46.0705 3888        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
20:24:46.0705 3888        sisagp - ok
20:24:46.0720 3888        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:24:46.0736 3888        SiSRaid2 - ok
20:24:46.0752 3888        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:24:46.0767 3888        SiSRaid4 - ok
20:24:46.0783 3888        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:24:46.0845 3888        Smb - ok
20:24:46.0876 3888        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
20:24:46.0908 3888        SNMPTRAP - ok
20:24:46.0923 3888        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:24:46.0923 3888        spldr - ok
20:24:47.0001 3888        Spooler        (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
20:24:47.0017 3888        Spooler - ok
20:24:47.0173 3888        sppsvc          (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
20:24:47.0235 3888        sppsvc - ok
20:24:47.0360 3888        sppuinotify    (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
20:24:47.0391 3888        sppuinotify - ok
20:24:47.0547 3888        SQLAgent$SQLEXPRESS (a892134c28777978ecde8283dc57ac0f) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
20:24:47.0578 3888        SQLAgent$SQLEXPRESS - ok
20:24:47.0625 3888        SQLBrowser      (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:24:47.0641 3888        SQLBrowser - ok
20:24:47.0672 3888        SQLWriter      (135cdccc167ef0c250125bbd3abe18d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:24:47.0688 3888        SQLWriter - ok
20:24:47.0766 3888        srv            (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
20:24:47.0797 3888        srv - ok
20:24:47.0844 3888        srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
20:24:47.0875 3888        srv2 - ok
20:24:47.0890 3888        srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
20:24:47.0922 3888        srvnet - ok
20:24:48.0031 3888        SR_Service      (5e8fb8c98d47979f2c87bf424b1a9664) C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
20:24:48.0031 3888        SR_Service - ok
20:24:48.0078 3888        SR_Watchdog    (45093a44ca49dc73c414aeffe42fb8a1) C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
20:24:48.0078 3888        SR_Watchdog - ok
20:24:48.0109 3888        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
20:24:48.0156 3888        SSDPSRV - ok
20:24:48.0218 3888        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:24:48.0218 3888        ssmdrv - ok
20:24:48.0234 3888        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
20:24:48.0265 3888        SstpSvc - ok
20:24:48.0358 3888        STacSV          (fbaa145c28074c853529050914d405c6) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
20:24:48.0374 3888        STacSV - ok
20:24:48.0405 3888        stdflt          (972f577308b006070de8d09573dbae53) C:\Windows\system32\DRIVERS\stdflt.sys
20:24:48.0421 3888        stdflt - ok
20:24:48.0436 3888        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:24:48.0452 3888        stexstor - ok
20:24:48.0483 3888        STHDA          (06cbb271f42ef70fb6ef372c491ba9aa) C:\Windows\system32\DRIVERS\stwrt.sys
20:24:48.0514 3888        STHDA - ok
20:24:48.0546 3888        StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
20:24:48.0577 3888        StillCam - ok
20:24:48.0624 3888        StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
20:24:48.0670 3888        StiSvc - ok
20:24:48.0686 3888        storflt        (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
20:24:48.0702 3888        storflt - ok
20:24:48.0717 3888        StorSvc        (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
20:24:48.0733 3888        StorSvc - ok
20:24:48.0748 3888        storvsc        (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
20:24:48.0764 3888        storvsc - ok
20:24:48.0780 3888        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
20:24:48.0780 3888        swenum - ok
20:24:48.0811 3888        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
20:24:48.0873 3888        swprv - ok
20:24:48.0920 3888        SynTP          (cf196a45fd61118c95585489fad5b2aa) C:\Windows\system32\DRIVERS\SynTP.sys
20:24:48.0982 3888        SynTP - ok
20:24:49.0903 3888        SysMain        (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
20:24:50.0028 3888        SysMain - ok
20:24:50.0121 3888        TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
20:24:50.0152 3888        TabletInputService - ok
20:24:50.0168 3888        TapiSrv        (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
20:24:50.0199 3888        TapiSrv - ok
20:24:50.0230 3888        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
20:24:50.0277 3888        TBS - ok
20:24:50.0402 3888        Tcpip          (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
20:24:50.0433 3888        Tcpip - ok
20:24:50.0620 3888        TCPIP6          (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
20:24:50.0652 3888        TCPIP6 - ok
20:24:50.0854 3888        tcpipBM        (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys
20:24:50.0854 3888        tcpipBM ( UnsignedFile.Multi.Generic ) - warning
20:24:50.0854 3888        tcpipBM - detected UnsignedFile.Multi.Generic (1)
20:24:50.0886 3888        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
20:24:50.0964 3888        tcpipreg - ok
20:24:50.0979 3888        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
20:24:51.0026 3888        TDPIPE - ok
20:24:51.0073 3888        TDTCP          (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
20:24:51.0104 3888        TDTCP - ok
20:24:51.0120 3888        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
20:24:51.0151 3888        tdx - ok
20:24:51.0166 3888        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
20:24:51.0182 3888        TermDD - ok
20:24:51.0229 3888        TermService    (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
20:24:51.0260 3888        TermService - ok
20:24:51.0276 3888        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
20:24:51.0291 3888        Themes - ok
20:24:51.0322 3888        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:24:51.0354 3888        THREADORDER - ok
20:24:51.0385 3888        TlntSvr        (ce92b84ed806f1c5c340a51dfd3e49bc) C:\Windows\System32\tlntsvr.exe
20:24:51.0400 3888        TlntSvr - ok
20:24:51.0447 3888        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
20:24:51.0494 3888        TrkWks - ok
20:24:51.0619 3888        TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
20:24:51.0634 3888        TrustedInstaller - ok
20:24:51.0634 3888        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:24:51.0681 3888        tssecsrv - ok
20:24:51.0728 3888        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
20:24:51.0759 3888        tunnel - ok
20:24:51.0884 3888        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:24:51.0900 3888        uagp35 - ok
20:24:52.0227 3888        udfs            (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
20:24:52.0305 3888        udfs - ok
20:24:52.0336 3888        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
20:24:52.0352 3888        UI0Detect - ok
20:24:52.0414 3888        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:24:52.0430 3888        uliagpkx - ok
20:24:52.0524 3888        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
20:24:52.0570 3888        umbus - ok
20:24:52.0602 3888        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:24:52.0617 3888        UmPass - ok
20:24:52.0695 3888        UmRdpService    (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
20:24:52.0726 3888        UmRdpService - ok
20:24:53.0007 3888        UNS            (9e89c2d6945389270de067ce51ff7425) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:24:53.0085 3888        UNS - ok
20:24:53.0304 3888        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
20:24:53.0350 3888        upnphost - ok
20:24:53.0428 3888        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
20:24:53.0475 3888        USBAAPL - ok
20:24:53.0506 3888        usbccgp        (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys
20:24:53.0522 3888        usbccgp - ok
20:24:53.0709 3888        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
20:24:53.0756 3888        usbcir - ok
20:24:53.0834 3888        usbehci        (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys
20:24:53.0850 3888        usbehci - ok
20:24:54.0661 3888        usbhub          (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
20:24:54.0770 3888        usbhub - ok
20:24:54.0848 3888        usbohci        (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
20:24:54.0848 3888        usbohci - ok
20:24:54.0879 3888        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:24:54.0926 3888        usbprint - ok
20:24:54.0973 3888        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
20:24:54.0988 3888        usbscan - ok
20:24:55.0004 3888        USBSTOR        (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:24:55.0035 3888        USBSTOR - ok
20:24:55.0051 3888        usbuhci        (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys
20:24:55.0066 3888        usbuhci - ok
20:24:55.0129 3888        usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
20:24:55.0176 3888        usbvideo - ok
20:24:55.0191 3888        usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
20:24:55.0207 3888        usb_rndisx - ok
20:24:55.0238 3888        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
20:24:55.0269 3888        UxSms - ok
20:24:55.0332 3888        VaultSvc        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
20:24:55.0347 3888        VaultSvc - ok
20:24:55.0363 3888        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:24:55.0378 3888        vdrvroot - ok
20:24:55.0425 3888        vds            (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
20:24:55.0488 3888        vds - ok
20:24:55.0519 3888        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:24:55.0534 3888        vga - ok
20:24:55.0566 3888        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:24:55.0597 3888        VgaSave - ok
20:24:55.0722 3888        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
20:24:55.0737 3888        vhdmp - ok
20:24:55.0815 3888        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
20:24:55.0831 3888        viaagp - ok
20:24:55.0909 3888        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:24:55.0940 3888        ViaC7 - ok
20:24:55.0987 3888        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
20:24:55.0987 3888        viaide - ok
20:24:56.0112 3888        vmbus          (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
20:24:56.0143 3888        vmbus - ok
20:24:56.0143 3888        VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
20:24:56.0158 3888        VMBusHID - ok
20:24:56.0205 3888        VNASC          (405df0b2f8d0616353ecc829622d77ac) C:\Windows\system32\DRIVERS\vnasc.sys
20:24:56.0221 3888        VNASC - ok
20:24:56.0268 3888        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
20:24:56.0283 3888        volmgr - ok
20:24:56.0299 3888        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:24:56.0330 3888        volmgrx - ok
20:24:56.0346 3888        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
20:24:56.0361 3888        volsnap - ok
20:24:56.0439 3888        VPN-1          (002014fc59eee5e11bf7d6a555b11227) C:\Windows\System32\drivers\vpn.sys
20:24:56.0455 3888        VPN-1 - ok
20:24:56.0486 3888        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:24:56.0502 3888        vsmraid - ok
20:24:56.0782 3888        VSS            (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
20:24:56.0829 3888        VSS - ok
20:24:56.0954 3888        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:24:57.0016 3888        vwifibus - ok
20:24:57.0048 3888        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:24:57.0094 3888        vwififlt - ok
20:24:57.0172 3888        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
20:24:57.0204 3888        vwifimp - ok
20:24:57.0328 3888        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
20:24:57.0360 3888        W32Time - ok
20:24:57.0406 3888        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:24:57.0422 3888        WacomPen - ok
20:24:57.0469 3888        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:57.0500 3888        WANARP - ok
20:24:57.0500 3888        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:57.0531 3888        Wanarpv6 - ok
20:24:57.0656 3888        WAS            (a5ea12d6020709b1e7db7d5f00c46a86) C:\Windows\system32\inetsrv\iisw3adm.dll
20:24:57.0672 3888        WAS - ok
20:24:57.0937 3888        WatAdminSvc    (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
20:24:58.0015 3888        WatAdminSvc - ok
20:24:58.0592 3888        wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
20:24:58.0717 3888        wbengine - ok
20:24:58.0732 3888        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
20:24:58.0748 3888        WbioSrvc - ok
20:24:58.0826 3888        wcncsvc        (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
20:24:58.0857 3888        wcncsvc - ok
20:24:58.0904 3888        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
20:24:58.0966 3888        WcsPlugInService - ok
20:24:59.0044 3888        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:24:59.0060 3888        Wd - ok
20:24:59.0091 3888        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:24:59.0122 3888        Wdf01000 - ok
20:24:59.0138 3888        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:24:59.0154 3888        WdiServiceHost - ok
20:24:59.0169 3888        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:24:59.0185 3888        WdiSystemHost - ok
20:24:59.0294 3888        WebClient      (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
20:24:59.0341 3888        WebClient - ok
20:24:59.0372 3888        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
20:24:59.0403 3888        Wecsvc - ok
20:24:59.0419 3888        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
20:24:59.0450 3888        wercplsupport - ok
20:24:59.0481 3888        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
20:24:59.0512 3888        WerSvc - ok
20:24:59.0544 3888        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:24:59.0575 3888        WfpLwf - ok
20:24:59.0606 3888        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:24:59.0622 3888        WIMMount - ok
20:24:59.0715 3888        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
20:24:59.0731 3888        WinDefend - ok
20:24:59.0746 3888        WinHttpAutoProxySvc - ok
20:24:59.0824 3888        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
20:24:59.0856 3888        Winmgmt - ok
20:24:59.0934 3888        WinRM          (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
20:24:59.0996 3888        WinRM - ok
20:25:00.0058 3888        WinUsb          (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
20:25:00.0074 3888        WinUsb - ok
20:25:00.0136 3888        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
20:25:00.0183 3888        Wlansvc - ok
20:25:00.0261 3888        wltrysvc        (7fff34ae69dfb80f7b190aba31e00610) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
20:25:00.0277 3888        wltrysvc ( UnsignedFile.Multi.Generic ) - warning
20:25:00.0277 3888        wltrysvc - detected UnsignedFile.Multi.Generic (1)
20:25:00.0308 3888        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:25:00.0324 3888        WmiAcpi - ok
20:25:00.0386 3888        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
20:25:00.0402 3888        wmiApSrv - ok
20:25:00.0495 3888        WMPNetworkSvc  (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:25:00.0542 3888        WMPNetworkSvc - ok
20:25:00.0682 3888        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
20:25:00.0729 3888        WPCSvc - ok
20:25:00.0745 3888        WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
20:25:00.0745 3888        WPDBusEnum - ok
20:25:00.0854 3888        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:25:00.0901 3888        ws2ifsl - ok
20:25:00.0932 3888        wscsvc          (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
20:25:00.0948 3888        wscsvc - ok
20:25:01.0010 3888        WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
20:25:01.0026 3888        WSDPrintDevice - ok
20:25:01.0057 3888        WSDScan        (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys
20:25:01.0088 3888        WSDScan - ok
20:25:01.0104 3888        WSearch - ok
20:25:01.0213 3888        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:25:01.0260 3888        wuauserv - ok
20:25:02.0086 3888        WudfPf          (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
20:25:02.0133 3888        WudfPf - ok
20:25:02.0476 3888        WUDFRd          (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:25:02.0508 3888        WUDFRd - ok
20:25:02.0648 3888        wudfsvc        (f1fcb56102a8373ed86b6ff08fb17d67) C:\Windows\System32\WUDFSvc.dll
20:25:02.0726 3888        wudfsvc - ok
20:25:03.0022 3888        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
20:25:03.0085 3888        WwanSvc - ok
20:25:03.0241 3888        MBR (0x1B8)    (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:25:05.0050 3888        \Device\Harddisk0\DR0 - ok
20:25:05.0128 3888        Boot (0x1200)  (e6f3f13999f4be88efba1d93b874507b) \Device\Harddisk0\DR0\Partition0
20:25:05.0128 3888        \Device\Harddisk0\DR0\Partition0 - ok
20:25:05.0160 3888        Boot (0x1200)  (007dced352129e778a49d2aad7ee9167) \Device\Harddisk0\DR0\Partition1
20:25:05.0160 3888        \Device\Harddisk0\DR0\Partition1 - ok
20:25:05.0160 3888        Boot (0x1200)  (fe239bcf2fb282cc1ec90bb216ec87f2) \Device\Harddisk0\DR0\Partition2
20:25:05.0160 3888        \Device\Harddisk0\DR0\Partition2 - ok
20:25:05.0191 3888        Boot (0x1200)  (56fd26809b43cfedecce0a5a43006905) \Device\Harddisk0\DR0\Partition3
20:25:05.0222 3888        \Device\Harddisk0\DR0\Partition3 - ok
20:25:05.0222 3888        ============================================================
20:25:05.0222 3888        Scan finished
20:25:05.0222 3888        ============================================================
20:25:05.0222 3552        Detected object count: 22
20:25:05.0222 3552        Actual detected object count: 22
20:25:33.0053 3552        ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552        ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552        ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552        ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552        AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552        AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552        BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552        BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552        CP_OMDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552        CP_OMDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552        de_serv ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552        de_serv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552        epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552        epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552        EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552        EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0053 3552        HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0053 3552        HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552        InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552        InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552        MCSWASVR ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552        MCSWASVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552        pnetmdm ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552        pnetmdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552        SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552        SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552        tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552        tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:33.0068 3552        wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:33.0068 3552        wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:30:38.0129 4136        Deinitialize success

Regards
Steffen

cosinus 10.08.2012 19:14

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

mobspot 14.08.2012 11:46

Hello Arne,

here is the logfile from combofix.
Combofix Logfile:
Code:

ComboFix 12-08-13.01 - bslap 14.08.2012  12:18:58.1.4 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.2935.1603 [GMT 2:00]
ausgeführt von:: c:\users\bslap\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bslap\AppData\Roaming\log.txt
c:\users\Johannes\Desktop\Internet Explorer.lnk
c:\windows\_detmp.2
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\winsusrm.dll
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-14 bis 2012-08-14  ))))))))))))))))))))))))))))))
.
.
2012-08-14 10:14 . 2012-07-16 00:41        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CEDE5B4-C874-4F68-B944-CCDC2BEC041C}\mpengine.dll
2012-08-07 10:19 . 2012-08-07 10:19        --------        d-----w-        C:\_OTL
2012-07-31 11:24 . 2012-07-31 11:24        --------        d-----w-        c:\programdata\VS
2012-07-31 11:19 . 2011-09-22 15:18        73064        ----a-w-        c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-07-31 11:19 . 2011-09-22 15:18        89960        ----a-w-        c:\windows\system32\SQSRVRES.DLL
2012-07-31 10:50 . 2012-01-04 09:03        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-07-31 10:50 . 2012-01-03 05:44        478208        ----a-w-        c:\windows\system32\timedate.cpl
2012-07-31 10:50 . 2012-05-02 04:52        163328        ----a-w-        c:\windows\system32\profsvc.dll
2012-07-30 09:42 . 2012-07-30 09:42        --------        d-----w-        c:\users\bslap\AppData\Roaming\Malwarebytes
2012-07-30 09:42 . 2012-07-30 09:42        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-30 09:42 . 2012-07-30 09:42        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-30 09:42 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-30 06:35 . 2012-08-13 16:08        --------        d-----w-        c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod
2012-07-24 10:28 . 2012-07-24 10:28        --------        d-----w-        c:\program files\ESET
2012-07-24 10:28 . 2012-07-24 10:28        --------        d-----w-        c:\windows\AxInstSV
2012-07-23 11:11 . 2012-07-23 11:11        --------        d-----w-        c:\program files\FreeTime
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 15:25 . 2012-05-01 11:18        113440        ----a-w-        c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2012-07-29 17:46 . 2012-04-18 10:05        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-29 17:46 . 2011-05-30 12:55        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 15:13 . 2012-05-15 12:07        405144        ----a-w-        c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-06-25 14:04 . 2012-06-25 14:04        1394248        ----a-w-        c:\windows\system32\msxml4.dll
2012-06-12 02:44 . 2012-07-11 14:26        2344448        ----a-w-        c:\windows\system32\win32k.sys
2012-06-06 05:09 . 2012-07-11 09:43        1389568        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 09:43        1236992        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-21 14:20        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:20        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:20        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:20        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 14:20        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 14:20        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 14:20        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 14:20        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 14:20        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-11 14:30        1800192        ----a-w-        c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 14:30        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 14:30        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 14:30        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 14:30        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-02 04:51 . 2012-07-11 09:43        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-11 09:43        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-11 09:43        369336        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-11 09:43        225280        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-11 09:43        219136        ----a-w-        c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2010-09-14 11:24        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-06-16 04:32 . 2011-07-11 21:46        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ASOOverlayIcon]
@="{0FB7818F-4055-4635-B618-09F669074940}"
[HKEY_CLASSES_ROOT\CLSID\{0FB7818F-4055-4635-B618-09F669074940}]
2010-06-19 01:22        452032        ----a-w-        c:\program files\EMC IRM\Common\ASOShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 14:55        155416        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2011-11-23 12:01        284160        ----a-w-        c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-02-16 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-04 5249024]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-11-25 253952]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
"Ocs_SM"="c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-05-22 106496]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IRM Offline Refresh.lnk - c:\program files\EMC IRM\Common\autoofflineprocess.exe [2010-10-27 4000768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^bslap^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter Assistent.lnk]
path=c:\users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk
backup=c:\windows\pss\Mediencenter Assistent.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2009-06-24 21:21        409744        ------w-        c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection]
2009-07-22 12:52        2384896        ----a-w-        c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41        49208        ----a-w-        c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33        150528        ----a-w-        c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HW_OPENEYE_OUC_T-Mobile Internet Manager]
2009-12-31 13:13        110592        ----a-w-        c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33        421776        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-05-24 15:38        1226288        ----a-w-        c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Professional 5-reminder]
2007-08-31 07:02        328992        ----a-w-        c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM]
2011-05-22 16:01        106496        ----a-w-        c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2008-02-02 00:19        58656        ----a-w-        c:\program files\Nuance\PDF Professional 5\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2008-02-02 00:20        795936        ----a-w-        c:\program files\Nuance\PDF Professional 5\PdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2010-09-17 17:59        50472        ------w-        c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
2010-01-15 15:26        3873648        ----a-w-        c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\To-Do DeskList]
2011-02-21 16:21        2539520        ----a-w-        c:\program files\To-Do DeskList\To-Do DeskList.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [x]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [x]
S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.obt.de/obt/view/index.shtml
uDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Mit Nuance PDF Converter 5.0 öffnen - c:\program files\Nuance\PDF Professional 5\cnvres_ger.dll /100
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{13709972-8B0E-4E3E-8DF9-A937C1F47338}: NameServer = 192.2.200.1
FF - ProfilePath - c:\users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
.
.
------- Dateityp-Verknüpfung -------
.
.scr=DWGTrueViewScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{C98BE8DB-5FD4-4455-9BB2-A3E1AE5A325B} - (no file)
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe
AddRemove-Visio Professional - c:\windows\unin0407.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\bslap\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\CbFsNetRdr3.dll
.
- - - - - - - > 'Explorer.exe'(1036)
c:\windows\system32\CbFsMntNtf3.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\FRITZ!DSL\IGDCTRL.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-14  12:43:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-14 10:43
.
Vor Suchlauf: 20 Verzeichnis(se), 40.829.112.320 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 40.385.060.864 Bytes frei
.
- - End Of File - - 64FD5239447891B2BBE5C43042FB603D

--- --- ---

Thanks and regards
Steffen

cosinus 14.08.2012 16:08

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.

Code:

Filelook::
c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!

mobspot 16.08.2012 12:04

Attached is the Combofix log file:

Combofix Logfile:
Code:

ComboFix 12-08-16.01 - bslap 16.08.2012  12:44:03.2.4 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.2935.1766 [GMT 2:00]
ausgeführt von:: c:\users\bslap\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\bslap\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-16 bis 2012-08-16  ))))))))))))))))))))))))))))))
.
.
2012-08-16 10:51 . 2012-08-16 10:51        --------        d-----w-        c:\users\Johannes\AppData\Local\temp
2012-08-16 10:51 . 2012-08-16 10:51        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-14 10:30 . 2012-08-16 10:51        --------        d-----w-        c:\users\bslap\AppData\Local\temp
2012-08-14 10:14 . 2012-07-16 00:41        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CEDE5B4-C874-4F68-B944-CCDC2BEC041C}\mpengine.dll
2012-08-07 10:19 . 2012-08-07 10:19        --------        d-----w-        C:\_OTL
2012-07-31 11:24 . 2012-07-31 11:24        --------        d-----w-        c:\programdata\VS
2012-07-31 11:19 . 2011-09-22 15:18        73064        ----a-w-        c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-07-31 11:19 . 2011-09-22 15:18        89960        ----a-w-        c:\windows\system32\SQSRVRES.DLL
2012-07-31 10:50 . 2012-01-04 09:03        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-07-31 10:50 . 2012-01-03 05:44        478208        ----a-w-        c:\windows\system32\timedate.cpl
2012-07-31 10:50 . 2012-05-02 04:52        163328        ----a-w-        c:\windows\system32\profsvc.dll
2012-07-30 09:42 . 2012-07-30 09:42        --------        d-----w-        c:\users\bslap\AppData\Roaming\Malwarebytes
2012-07-30 09:42 . 2012-07-30 09:42        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-30 09:42 . 2012-07-30 09:42        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-30 09:42 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-30 06:35 . 2012-08-16 10:37        --------        d-----w-        c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod
2012-07-24 10:28 . 2012-07-24 10:28        --------        d-----w-        c:\program files\ESET
2012-07-24 10:28 . 2012-07-24 10:28        --------        d-----w-        c:\windows\AxInstSV
2012-07-23 11:11 . 2012-07-23 11:11        --------        d-----w-        c:\program files\FreeTime
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 15:25 . 2012-05-01 11:18        113440        ----a-w-        c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2012-07-29 17:46 . 2012-04-18 10:05        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-29 17:46 . 2011-05-30 12:55        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 15:13 . 2012-05-15 12:07        405144        ----a-w-        c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-06-25 14:04 . 2012-06-25 14:04        1394248        ----a-w-        c:\windows\system32\msxml4.dll
2012-06-12 02:44 . 2012-07-11 14:26        2344448        ----a-w-        c:\windows\system32\win32k.sys
2012-06-06 05:09 . 2012-07-11 09:43        1389568        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 09:43        1236992        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-21 14:20        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:20        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:20        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:20        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 14:20        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 14:20        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 14:20        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 14:20        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 14:20        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-11 14:30        1800192        ----a-w-        c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-11 14:30        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-11 14:30        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 14:30        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 14:30        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-02 04:51 . 2012-07-11 09:43        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-11 09:43        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-11 09:43        369336        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-11 09:43        225280        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-11 09:43        219136        ----a-w-        c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2010-09-14 11:24        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-06-16 04:32 . 2011-07-11 21:46        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ASOOverlayIcon]
@="{0FB7818F-4055-4635-B618-09F669074940}"
[HKEY_CLASSES_ROOT\CLSID\{0FB7818F-4055-4635-B618-09F669074940}]
2010-06-19 01:22        452032        ----a-w-        c:\program files\EMC IRM\Common\ASOShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 14:55        155416        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2011-11-23 12:01        284160        ----a-w-        c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-02-16 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-04 5249024]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-11-25 253952]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
"Ocs_SM"="c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-05-22 106496]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IRM Offline Refresh.lnk - c:\program files\EMC IRM\Common\autoofflineprocess.exe [2010-10-27 4000768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^bslap^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter Assistent.lnk]
path=c:\users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk
backup=c:\windows\pss\Mediencenter Assistent.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2009-06-24 21:21        409744        ------w-        c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection]
2009-07-22 12:52        2384896        ----a-w-        c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41        49208        ----a-w-        c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33        150528        ----a-w-        c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HW_OPENEYE_OUC_T-Mobile Internet Manager]
2009-12-31 13:13        110592        ----a-w-        c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33        421776        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-05-24 15:38        1226288        ----a-w-        c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Professional 5-reminder]
2007-08-31 07:02        328992        ----a-w-        c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM]
2011-05-22 16:01        106496        ----a-w-        c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2008-02-02 00:19        58656        ----a-w-        c:\program files\Nuance\PDF Professional 5\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2008-02-02 00:20        795936        ----a-w-        c:\program files\Nuance\PDF Professional 5\PdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2010-09-17 17:59        50472        ------w-        c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
2010-01-15 15:26        3873648        ----a-w-        c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\To-Do DeskList]
2011-02-21 16:21        2539520        ----a-w-        c:\program files\To-Do DeskList\To-Do DeskList.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [x]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [x]
S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.obt.de/obt/view/index.shtml
uDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Mit Nuance PDF Converter 5.0 öffnen - c:\program files\Nuance\PDF Professional 5\cnvres_ger.dll /100
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{13709972-8B0E-4E3E-8DF9-A937C1F47338}: NameServer = 192.2.200.1
FF - ProfilePath - c:\users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\CbFsNetRdr3.dll
.
- - - - - - - > 'Explorer.exe'(5812)
c:\windows\system32\CbFsMntNtf3.dll
.
Zeit der Fertigstellung: 2012-08-16  12:54:31
ComboFix-quarantined-files.txt  2012-08-16 10:54
ComboFix2.txt  2012-08-14 10:43
.
Vor Suchlauf: 22 Verzeichnis(se), 39.439.360.000 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 39.241.756.672 Bytes frei
.
- - End Of File - - DF8E6C83628A3D53405946C6047CEEC2

--- --- ---


Regards,
Steffen

cosinus 16.08.2012 13:39

Hm, I mixed that thing up with a file; once more, but like this please:

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.

Code:

Dirlook::
c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

mobspot 16.08.2012 14:30

Here is the 2nd attempt:

Combofix Logfile:
Code:

ComboFix 12-08-16.01 - bslap 16.08.2012  15:11:15.3.4 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.2935.1411 [GMT 2:00]
ausgeführt von:: c:\users\bslap\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\bslap\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-16 bis 2012-08-16  ))))))))))))))))))))))))))))))
.
.
2012-08-16 13:21 . 2012-08-16 13:21        --------        d-----w-        c:\users\Johannes\AppData\Local\temp
2012-08-16 13:21 . 2012-08-16 13:21        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-16 09:29 . 2012-07-18 17:10        2344448        ----a-w-        c:\windows\system32\win32k.sys
2012-08-16 09:29 . 2012-07-04 21:23        41472        ----a-w-        c:\windows\system32\browcli.dll
2012-08-16 09:29 . 2012-07-04 21:23        102912        ----a-w-        c:\windows\system32\browser.dll
2012-08-16 09:29 . 2012-05-14 04:37        768512        ----a-w-        c:\windows\system32\localspl.dll
2012-08-14 10:30 . 2012-08-16 13:21        --------        d-----w-        c:\users\bslap\AppData\Local\temp
2012-08-14 10:14 . 2012-07-16 00:41        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CEDE5B4-C874-4F68-B944-CCDC2BEC041C}\mpengine.dll
2012-08-07 10:19 . 2012-08-07 10:19        --------        d-----w-        C:\_OTL
2012-07-31 11:24 . 2012-07-31 11:24        --------        d-----w-        c:\programdata\VS
2012-07-31 11:19 . 2011-09-22 15:18        73064        ----a-w-        c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-07-31 11:19 . 2011-09-22 15:18        89960        ----a-w-        c:\windows\system32\SQSRVRES.DLL
2012-07-31 10:50 . 2012-01-04 09:03        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-07-31 10:50 . 2012-01-03 05:44        478208        ----a-w-        c:\windows\system32\timedate.cpl
2012-07-31 10:50 . 2012-05-02 04:52        163328        ----a-w-        c:\windows\system32\profsvc.dll
2012-07-30 09:42 . 2012-07-30 09:42        --------        d-----w-        c:\users\bslap\AppData\Roaming\Malwarebytes
2012-07-30 09:42 . 2012-07-30 09:42        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-30 09:42 . 2012-07-30 09:42        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-30 09:42 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-30 06:35 . 2012-08-16 13:08        --------        d-----w-        c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod
2012-07-24 10:28 . 2012-07-24 10:28        --------        d-----w-        c:\program files\ESET
2012-07-24 10:28 . 2012-07-24 10:28        --------        d-----w-        c:\windows\AxInstSV
2012-07-23 11:11 . 2012-07-23 11:11        --------        d-----w-        c:\program files\FreeTime
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 15:25 . 2012-05-01 11:18        113440        ----a-w-        c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2012-07-29 17:46 . 2012-04-18 10:05        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-29 17:46 . 2011-05-30 12:55        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 15:13 . 2012-05-15 12:07        405144        ----a-w-        c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-06-25 14:04 . 2012-06-25 14:04        1394248        ----a-w-        c:\windows\system32\msxml4.dll
2012-06-06 05:09 . 2012-07-11 09:43        1389568        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 09:43        1236992        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-21 14:20        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:20        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:20        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:20        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 14:20        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 14:20        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 14:20        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 14:20        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 14:20        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-11 09:43        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-11 09:43        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-11 09:43        369336        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-11 09:43        225280        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-11 09:43        219136        ----a-w-        c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2010-09-14 11:24        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-06-16 04:32 . 2011-07-11 21:46        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod ----
.
2012-07-30 06:37 . 2012-08-16 13:08        5120        ----a-w-        c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod\alarms.db
2012-07-30 06:35 . 2012-08-16 13:08        4862976        ----a-w-        c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod\main.db
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ASOOverlayIcon]
@="{0FB7818F-4055-4635-B618-09F669074940}"
[HKEY_CLASSES_ROOT\CLSID\{0FB7818F-4055-4635-B618-09F669074940}]
2010-06-19 01:22        452032        ----a-w-        c:\program files\EMC IRM\Common\ASOShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 14:55        155416        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\McsShellOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2011-11-23 12:01        284160        ----a-w-        c:\windows\System32\DTAG.Mediencenter.ShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-02-16 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-04 5249024]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-11-25 253952]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
"Ocs_SM"="c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-05-22 106496]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IRM Offline Refresh.lnk - c:\program files\EMC IRM\Common\autoofflineprocess.exe [2010-10-27 4000768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^bslap^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter Assistent.lnk]
path=c:\users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk
backup=c:\windows\pss\Mediencenter Assistent.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2009-06-24 21:21        409744        ------w-        c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeFallProtection]
2009-07-22 12:52        2384896        ----a-w-        c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41        49208        ----a-w-        c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33        150528        ----a-w-        c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HW_OPENEYE_OUC_T-Mobile Internet Manager]
2009-12-31 13:13        110592        ----a-w-        c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33        421776        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-05-24 15:38        1226288        ----a-w-        c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Professional 5-reminder]
2007-08-31 07:02        328992        ----a-w-        c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM]
2011-05-22 16:01        106496        ----a-w-        c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2008-02-02 00:19        58656        ----a-w-        c:\program files\Nuance\PDF Professional 5\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2008-02-02 00:20        795936        ----a-w-        c:\program files\Nuance\PDF Professional 5\PdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2010-09-17 17:59        50472        ------w-        c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
2010-01-15 15:26        3873648        ----a-w-        c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\To-Do DeskList]
2011-02-21 16:21        2539520        ----a-w-        c:\program files\To-Do DeskList\To-Do DeskList.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [x]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [x]
S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-22 15:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.obt.de/obt/view/index.shtml
uDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Mit Nuance PDF Converter 5.0 öffnen - c:\program files\Nuance\PDF Professional 5\cnvres_ger.dll /100
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{13709972-8B0E-4E3E-8DF9-A937C1F47338}: NameServer = 192.2.200.1
FF - ProfilePath - c:\users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\CbFsNetRdr3.dll
.
- - - - - - - > 'Explorer.exe'(6148)
c:\windows\system32\CbFsMntNtf3.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Zeit der Fertigstellung: 2012-08-16  15:24:27
ComboFix-quarantined-files.txt  2012-08-16 13:24
ComboFix2.txt  2012-08-16 10:54
ComboFix3.txt  2012-08-14 10:43
.
Vor Suchlauf: 21 Verzeichnis(se), 39.002.292.224 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 38.590.222.336 Bytes frei
.
- - End Of File - - 36F2AD3BA9729CB2A5325AC4F312BCF1

--- --- ---

Thanks and regards,
Steffen

cosinus 17.08.2012 17:32

Code:

c:\users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod
Please zip this folder completely, with all of its contents, into one file (via right-click, Send to => Compressed (zipped) folder, or using 7zip, WinRAR or similar).

Then please upload the archive file to us here => http://www.trojaner-board.de/54791-a...tml#post349565

mobspot 17.08.2012 17:59

Done!
I've just uploaded the file.

Regards, Steffen

cosinus 17.08.2012 21:15

Ah, now I know what that is. It seems to be some kind of mail client database. Nothing dangerous.

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.

mobspot 20.08.2012 17:34

Hello Arne,

GMER did not work. Here are the log file from OSAM and the txt from aswMBR.

OSAM log file:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 18:10:40 on 20.08.2012

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Opera Software Opera Internet Browser 12.01

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"Odbccp32.cpl" - "Microsoft Corporation" - C:\Windows\system32\Odbccp32.cpl
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Advanced SCSI Programming Interface Driver" (ASPI) - ? - C:\Windows\System32\DRIVERS\ASPI32.sys
"ASPI32" (ASPI32) - ? - C:\Windows\system32\drivers\ASPI32.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys
"BlackBerry-Smartphone" (RimUsb) - ? - C:\Windows\System32\Drivers\RimUsb.sys  (File not found)
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\Users\bslap\AppData\Local\Temp\catchme.sys  (File not found)
"cbfs3" (cbfs3) - "EldoS Corporation" - C:\Windows\system32\drivers\cbfs3.sys
"Check Point Office Mode Module" (CP_OMDRV) - "Check Point Software Technologies" - C:\Windows\System32\drivers\omdrv.sys
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"kwloqpow" (kwloqpow) - ? - C:\Users\bslap\AppData\Local\Temp\kwloqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"PdaNet Modem" (pnetmdm) - "June Fabrics Technology" - C:\Windows\System32\DRIVERS\pnetmdm.sys
"Sentinel" (Sentinel) - "SafeNet, Inc." - C:\Windows\System32\Drivers\SENTINEL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"VPN-1 Module" (VPN-1) - "Check Point Software Technologies" - C:\Windows\System32\drivers\vpn.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0E526CB5-7446-41D1-A403-19BFE95E8C23} "tmpx" - ? -  (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{5FF49FE8-B332-4CB9-B102-FB6951629E55} "Virtual Storage Mount Notification" - "EldoS Corporation" - C:\Windows\system32\CbFsMntNtf3.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{0420B051-ECD8-4B18-9037-8739B4B6469F} "McsShellContextMenu Class" - "Deutsche Telekom AG" - C:\Windows\system32\DTAG.Mediencenter.ShellExtension.dll
{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262} "McsShellOverlayUpload Class" - "Deutsche Telekom AG" - C:\Windows\system32\DTAG.Mediencenter.ShellExtension.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{40E69241-5D1A-11D1-81CB-121314151617} "Quick Register Context Menu Shell Extension" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5FF49FE8-B332-4CB9-B102-FB6951629E55} "Virtual Storage Mount Notification" - "EldoS Corporation" - C:\Windows\system32\CbFsMntNtf3.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{5FF49FE8-B332-4CB9-B102-FB6951629E55} "Virtual Storage Mount Notification" - "EldoS Corporation" - C:\Windows\system32\CbFsMntNtf3.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
<binary data> "Nuance PDF" - "Zeon Corporation" - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{5FF49FE8-B332-4CB9-B102-FB6951629E55} "Virtual Storage Mount Notification" - "EldoS Corporation" - C:\Windows\system32\CbFsMntNtf3.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} "ZeonIEEventHelper Class" - "Zeon Corporation" - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"HW_OPENEYE_OUC_T-Mobile Internet Manager" - "Huawei Technologies Co., Ltd." - "C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
"iCloudServices" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
"ISUSPM" - "InstallShield Software Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"MobileDocuments" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
"DataCardMonitor" - "Huawei Technologies Co., Ltd." - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
"ISUSScheduler" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Ocs_SM" - "OCS" - C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl9" - "CyberLink Corp." - "c:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Check Point Network Provider" - "Check Point Software Technologies" - C:\Program Files\CheckPoint\SecuRemote\bin\ckpgina.dll
"DW WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll
"Virtual Network Shares CallbackFS v3" - "EldoS Corporation" - C:\Windows\System32\CbFsNetRdr3.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll
"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\Windows\system32\FritzVistaColorMon.dll
"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\Windows\system32\FritzVistaMon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"RLanguage Monitor" - "Hewlett-Packard Corporation, Microsoft Corporation" - C:\Windows\system32\hpltlm5.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Program Files\Common Files\AVM\de_serv.exe
"AVM IGD CTRL Service" (AVM IGD CTRL Service) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Check Point VPN-1 Securemote service" (SR_Service) - "Check Point Software Technologies" - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
"Check Point VPN-1 Securemote watchdog" (SR_Watchdog) - "Check Point Software Technologies" - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"DW WLAN Tray Service" (wltrysvc) - "Dell Inc." - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
"FF Install Filter Service" (InstallFilterService) - ? - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe  (File found, but it contains no detailed information)
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
"Mediencenter Service" (MCSWASVR) - "Deutsche Telekom AG" - C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PDFProFiltSrv" (PDFProFiltSrv) - "Nuance Communications, Inc." - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-20 18:30:47
-----------------------------
18:30:47.624 OS Version: Windows 6.1.7600
18:30:47.624 Number of processors: 4 586 0x2505
18:30:47.624 ComputerName: BSLAP-PC UserName: bslap
18:30:48.591 Initialize success
18:31:02.507 AVAST engine defs: 12082000
18:31:06.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:31:06.610 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
18:31:06.641 Disk 0 MBR read successfully
18:31:06.641 Disk 0 MBR scan
18:31:06.656 Disk 0 Windows VISTA default MBR code
18:31:06.672 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:31:06.688 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9542 MB offset 81920
18:31:06.703 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 113203 MB offset 19623936
18:31:06.719 Disk 0 Partition - 00 0F Extended LBA 182456 MB offset 251465445
18:31:06.750 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 86349 MB offset 251465508
18:31:06.766 Disk 0 Partition - 00 05 Extended 96107 MB offset 428308965
18:31:06.797 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 96107 MB offset 428309028
18:31:06.828 Disk 0 scanning sectors +625137345
18:31:06.890 Disk 0 scanning C:\Windows\system32\drivers
18:31:24.300 Service scanning
18:32:02.598 Modules scanning
18:32:14.672 Disk 0 trace - called modules:
18:32:14.704 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdflt.sys iaStor.sys halmacpi.dll
18:32:14.719 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x885b3030]
18:32:14.719 3 CLASSPNP.SYS[8bba859e] -> nt!IofCallDriver -> [0x885b29a0]
18:32:14.735 5 stdflt.sys[8bdd6274] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x869a4028]
18:32:14.750 Scan finished successfully
18:32:43.782 Disk 0 MBR has been saved successfully to "C:\Users\bslap\Desktop\MBR.dat"
18:32:43.798 The log file has been saved successfully to "C:\Users\bslap\Desktop\aswMBR.txt"


Thanks and regards,
Steffen

cosinus 21.08.2012 12:11

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

mobspot 03.09.2012 14:17

Hello Arne,

here are the logs.

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.09.03.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
bslap :: BSLAP-PC [Administrator]

03.09.2012 13:08:19
mbam-log-2012-09-03 (13-08-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|P:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 422588
Laufzeit: 1 Stunde(n), 34 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 09/03/2012 at 12:55 PM

Application Version : 5.5.1012

Core Rules Database Version : 9167
Trace Rules Database Version: 6979

Scan type : Complete Scan
Total Scan Time : 01:23:54

Operating System Information
Windows 7 Professional 32-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 982
Memory threats detected : 0
Registry items scanned : 38195
Registry threats detected : 0
File items scanned : 64787
File threats detected : 95

Adware.Tracking Cookie
C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Cookies\JTPMIH45.txt [ /doubleclick.net ]
C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Cookies\VPSWITPU.txt [ /de.sitestat.com ]
C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Cookies\1NJF6SMW.txt [ /fastclick.net ]
C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Cookies\1QW2VIYX.txt [ /apmebf.com ]
C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Cookies\5YVL319P.txt [ /atdmt.com ]
C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Cookies\P1H4YMP6.txt [ /mediaplex.com ]
C:\USERS\BSLAP\Cookies\JTPMIH45.txt [ Cookie:bslap@doubleclick.net/ ]
C:\USERS\BSLAP\Cookies\VPSWITPU.txt [ Cookie:bslap@de.sitestat.com/is24-mail/is24-mail/ ]
C:\USERS\BSLAP\Cookies\1NJF6SMW.txt [ Cookie:bslap@fastclick.net/ ]
C:\USERS\BSLAP\Cookies\1QW2VIYX.txt [ Cookie:bslap@apmebf.com/ ]
C:\USERS\BSLAP\Cookies\5YVL319P.txt [ Cookie:bslap@atdmt.com/ ]
C:\USERS\BSLAP\Cookies\P1H4YMP6.txt [ Cookie:bslap@mediaplex.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\OMWCNJZ3.txt [ Cookie:johannes@adviva.net/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\WRO13W0H.txt [ Cookie:johannes@mediaplex.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\JXOB3JP1.txt [ Cookie:johannes@zanox.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\EJGWRKNM.txt [ Cookie:johannes@adfarm1.adition.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\4E2I482U.txt [ Cookie:johannes@ad.zanox.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\5V23PCWC.txt [ Cookie:johannes@im.banner.t-online.de/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\MOM8YWE3.txt [ Cookie:johannes@specificclick.net/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\4J76X1AV.txt [ Cookie:johannes@media.gan-online.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\2RWEPCYH.txt [ Cookie:johannes@smartadserver.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\ET8TW8UE.txt [ Cookie:johannes@apmebf.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\SNLIBZM9.txt [ Cookie:johannes@ad.adnet.de/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\EPCXRKG1.txt [ Cookie:johannes@2o7.net/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\VW98CIII.txt [ Cookie:johannes@tracking.mindshare.de/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\K1H965TP.txt [ Cookie:johannes@ru4.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\M6YH9OEC.txt [ Cookie:johannes@statcounter.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\B62BJ4AK.txt [ Cookie:johannes@www.googleadservices.com/pagead/conversion/1020833047/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZKOF52KC.txt [ Cookie:johannes@amazon-adsystem.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\U21KJ84Q.txt [ Cookie:johannes@media6degrees.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\8K284UJI.txt [ Cookie:johannes@xiti.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\33CWIXBS.txt [ Cookie:johannes@adtech.de/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\7FN33MTF.txt [ Cookie:johannes@overture.com/ ]
C:\USERS\JOHANNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\BA8IXSZO.txt [ Cookie:johannes@webmasterplan.com/ ]

Thanks and regards
Steffen :dankeschoen:

cosinus 03.09.2012 20:17

Why aren't you posting the logs in CODE tags anymore?
Code:

UAC On - Limited User
How did you start sasw? Simply by double-click?

mobspot 04.09.2012 14:26

Sorry, I was stressed and had a cold. Here is the log file from mbam:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.03.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
bslap :: BSLAP-PC [Administrator]

03.09.2012 13:08:19
mbam-log-2012-09-03 (13-08-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|P:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 422588
Laufzeit: 1 Stunde(n), 34 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I just ran Anti-Spy again. Here is the log file:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/04/2012 at 03:00 PM

Application Version : 5.5.1012

Core Rules Database Version : 9168
Trace Rules Database Version: 6980

Scan type      : Complete Scan
Total Scan Time : 02:38:34

Operating System Information
Windows 7 Professional 32-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 915
Memory threats detected  : 0
Registry items scanned    : 38203
Registry threats detected : 0
File items scanned        : 189433
File threats detected    : 95

Adware.Tracking Cookie

Sorry again
Looking forward to a reply.
:dankeschoen:

cosinus 04.09.2012 16:33

Quote:

UAC On - Limited User
Again just by double-click?

mobspot 04.09.2012 16:42

No. Installed it and proceeded as described on your site. What is the problem?
Regards, Steffen

cosinus 04.09.2012 19:08

It's right there in the quote! Limited User - so no admin rights.
But that is probably a bug in sasw; I have seen it several times before.

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, cookies included, is deleted when the browser is closed.

My approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system OK again now, or are there any other findings or problems?
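The hosts-file advice above, as an added example (not code from this thread or from MVPS): it reads a SUPERAntiSpyware-style log, collects the cookie hostnames, and lists which of them a given hosts file does not yet sink. A hosts file matches exact names only, so an entry for a parent domain does not cover its subdomains. The log and hosts samples are constructed with reserved `.example` names, and the function names are illustrative.

```python
import re

# Constructed sample in the log layout seen in this thread
# (user names, file names and domains are made up).
SAMPLE_LOG = r"""
Adware.Tracking Cookie
        C:\Users\alice\AppData\Roaming\Microsoft\Windows\Cookies\AAAA1111.txt [ /tracker.example ]
        C:\USERS\ALICE\Cookies\AAAA1111.txt [ Cookie:alice@tracker.example/ ]
        C:\USERS\BOB\AppData\Roaming\Microsoft\Windows\Cookies\Low\BBBB2222.txt [ Cookie:bob@ads.tracker.example/pagead/conversion/123/ ]
        C:\USERS\BOB\Cookies\CCCC3333.txt [ Cookie:bob@www.stats.example/ ]
        cdn.banner.example [ C:\USERS\ALICE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\X1Y2Z3 ]
"""

# Constructed hosts file with two sink entries already present.
SAMPLE_HOSTS = """
# constructed hosts file
127.0.0.1 localhost
0.0.0.0 tracker.example
0.0.0.0 cdn.banner.example  # inline comment
"""

# "[ /host ]" and "[ Cookie:user@host/path ]" forms.
COOKIE_RE = re.compile(r"\[\s*(?:Cookie:[^@\s]+@|/)([A-Za-z0-9.-]+)")
# "host [ C:\...\#SHAREDOBJECTS\... ]" form (Flash shared object).
LSO_RE = re.compile(r"\s*([A-Za-z0-9.-]+\.[A-Za-z]{2,})\s+\[\s*[A-Za-z]:\\")

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}


def cookie_hosts(log_text):
    """Return the sorted, de-duplicated hostnames named in the log."""
    hosts = set()
    for line in log_text.splitlines():
        m = COOKIE_RE.search(line) or LSO_RE.match(line)
        if m:
            hosts.add(m.group(1).lower().rstrip("."))
    return sorted(hosts)


def blocked_hosts(hosts_text):
    """Return the names a hosts file maps to a sink address."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] in SINK_ADDRESSES:
            blocked.update(n.lower() for n in fields[1:]
                           if n.lower() != "localhost")
    return blocked


def missing_entries(log_text, hosts_text):
    """Hosts lines needed so every logged cookie host is sunk.

    Matching is exact: 'tracker.example' in the hosts file does not
    cover 'ads.tracker.example'.
    """
    blocked = blocked_hosts(hosts_text)
    return ["0.0.0.0 " + h for h in cookie_hosts(log_text)
            if h not in blocked]


if __name__ == "__main__":
    for entry in missing_entries(SAMPLE_LOG, SAMPLE_HOSTS):
        print(entry)
```
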

mobspot 07.09.2012 12:49

Hello Arne, thanks for your help so far. If I understand you correctly, my computer is clean again so far and the trojans, which were the original reason for my request, are gone. As for the cookies, I gladly accept the tips and will implement them that way.

Would you recommend installing Kaspersky Internet Security instead of the current Avira?

Best regards
Steffen

cosinus 09.09.2012 20:41

Quote:

Would you recommend installing Kaspersky Internet Security instead of the current Avira?
No! Limit yourself to a pure virus scanner! You don't need more than that!
There is no security in colorful cardboard boxes, and if you follow the basic rules, IMHO nothing at all is necessary apart from Malwarebytes!

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on "Bereinigung" (cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it via right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also take the opportunity to check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

mobspot 10.09.2012 09:29

Hello Arne

Many thanks for the support :abklatsch: and the many tips. :applaus:

I will recommend you to others and will gladly consult you again (which I hopefully won't need to).

I will implement everything so far and stay vigilant.

Merci from Bavaria
Steffen
:dankeschoen:


All times are in WET +1. The time is now 17:58.
