Trojaner-Board


Granade 08.08.2012 17:48

TR/ATRAPS.Gen2 found
 
Hello dear forum,

Since yesterday, Avira AntiVir has been reporting that my computer is infected with TR/ATRAPS.Gen2. I have already had AntiVir remove it several times, but the message reappears after a few minutes.
I have also run Malwarebytes Anti-Malware several times and removed the findings. After a restart, however, the problem still persists.

I have now gone through the guide and, after using defogger, OTL and Malwarebytes, had log files created.

It would be great if one of you could help me!
Many thanks
Regards
Alex

OTL.Txt.
Code:

OTL logfile created on: 08.08.2012 18:20:39 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = E:\DOWNLOADS
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,15% Memory free
8,16 Gb Paging File | 6,99 Gb Available in Paging File | 85,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 7,54 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive D: | 358,33 Gb Total Space | 145,16 Gb Free Space | 40,51% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 8,10 Gb Free Space | 16,59% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.08 18:20:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\DOWNLOADS\OTL.exe
PRC - [2012.05.09 08:58:28 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 08:58:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 08:58:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.01.10 14:49:52 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
PRC - [2009.02.18 19:20:07 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.08.07 20:31:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.05 10:37:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.05.09 08:58:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 08:58:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.01.12 10:44:32 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.01.10 14:49:52 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 19:20:07 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2007.12.20 01:04:00 | 000,364,544 | R--- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.09 08:58:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 08:58:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.01.10 14:51:40 | 000,120,408 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV:64bit: - [2010.11.09 18:59:09 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.06.29 17:33:30 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.06.29 17:33:29 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2008.11.18 17:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtstusbser_64.sys -- (gtstusbser_64)
DRV:64bit: - [2008.02.14 08:56:14 | 000,160,768 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.01.21 04:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008.01.21 04:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007.04.23 14:15:48 | 000,031,016 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\rtlprot.sys -- (RtlProt)
DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2006.09.18 23:27:33 | 000,055,640 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2006.07.11 09:32:40 | 000,052,120 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfsync03.sys -- (sfsync03)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2012.02.01 14:24:02 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.02.04 12:59:34 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2008.11.18 17:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\gtstusbser_64.sys -- (gtstusbser_64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{65008CED-E5F6-4583-92DF-63632298B982}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..CT2319825.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: E:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: E:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.14 10:13:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Besitzer\AppData\Roaming\5025 [2011.09.14 15:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: E:\Programme\Firefox\components [2012.08.05 10:37:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: E:\Programme\Firefox\plugins [2012.03.05 14:45:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.14 10:13:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Besitzer\AppData\Roaming\5025 [2011.09.14 15:58:22 | 000,000,000 | ---D | M]
 
[2009.02.06 18:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions
[2012.08.04 20:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions
[2010.06.14 16:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.21 16:49:27 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.08.01 21:16:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.23 16:59:09 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\firefox@tvunetworks.com
[2010.05.26 22:06:19 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\illimitux@illimitux.net
[2010.02.14 18:38:25 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\searchrecs@veoh.com
[2012.08.04 20:09:22 | 000,000,907 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\e9xqhlp5.default\searchplugins\conduit.xml
[2011.09.14 15:58:22 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BESITZER\APPDATA\ROAMING\5025
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8:64bit: - Extra context menu item: &Download by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Download by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programme\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EAE83B7-8094-4692-A9E6-3A97A46A9E38}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B58B8DD-8186-42F4-B143-79CB626579D5}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EFDA025-EAD5-4794-8B5F-26A3AF6E4D2B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D43118-0F76-4CE2-8698-5585CB5C8AB5}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAF0B3C3-A88A-4957-8ADF-B13D20A35A6F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\Shell - "" = AutoRun
O33 - MountPoints2\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\Diablo III Setup.exe"
O33 - MountPoints2\{33517676-6a73-11df-b509-001fd0a136cb}\Shell - "" = AutoRun
O33 - MountPoints2\{33517676-6a73-11df-b509-001fd0a136cb}\Shell\AutoRun\command - "" = J:\QsSetup.exe
O33 - MountPoints2\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\Shell - "" = AutoRun
O33 - MountPoints2\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{5b4480e5-f996-11de-a893-001fd0a136cb}\Shell\AutoRun\command - "" = c2e.exe
O33 - MountPoints2\{5b4480e5-f996-11de-a893-001fd0a136cb}\Shell\open\Command - "" = c2e.exe
O33 - MountPoints2\{b18640d1-5c62-11df-9658-001fd0a136cb}\Shell - "" = AutoRun
O33 - MountPoints2\{b18640d1-5c62-11df-9658-001fd0a136cb}\Shell\AutoRun\command - "" = G:\QsSetup.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\QsSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.07 20:49:55 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Macromedia
[2012.08.06 22:12:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.08.05 22:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2012.08.04 22:36:01 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\AirportMadness4
[2012.08.04 22:34:38 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\Airpo
[2012.08.04 22:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\smartdl
[2012.08.04 20:18:35 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Documents\TowerSim
[2012.08.04 20:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airport-Tower-Simulator 2012
[2012.08.04 20:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.08.04 20:09:09 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Conduit
[2012.08.04 20:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winload
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.08 18:24:52 | 001,418,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.08 18:24:52 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.08 18:24:52 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.08 18:24:52 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.08 18:24:52 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.08 18:18:03 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.08 18:18:02 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.08 18:18:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.08 18:17:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.08 18:16:22 | 000,000,020 | ---- | M] () -- C:\Users\Besitzer\defogger_reenable
[2012.08.07 21:36:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.07 21:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 10:38:58 | 000,000,606 | ---- | M] () -- C:\Users\Public\Desktop\AirportMadness4.lnk
[2012.08.04 20:09:20 | 000,000,009 | ---- | M] () -- C:\END
 
========== Files Created - No Company Name ==========
 
[2012.08.08 18:16:21 | 000,000,020 | ---- | C] () -- C:\Users\Besitzer\defogger_reenable
[2012.08.08 18:08:30 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000032.@
[2012.08.08 18:08:29 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\00000008.@
[2012.08.08 18:08:27 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\000000cb.@
[2012.08.08 17:57:17 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000064.@
[2012.08.06 22:12:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 21:22:35 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000000.@
[2012.08.06 21:22:05 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\L\00000004.@
[2012.08.05 21:06:00 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\00000004.@
[2012.08.04 22:35:14 | 000,000,606 | ---- | C] () -- C:\Users\Public\Desktop\AirportMadness4.lnk
[2012.08.04 22:35:14 | 000,000,606 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirportMadness4.lnk
[2012.08.04 20:09:18 | 000,000,009 | ---- | C] () -- C:\END
[2012.05.15 10:14:37 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.05.15 10:14:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.05.15 10:13:27 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.05.09 18:26:11 | 001,368,464 | ---- | C] () -- C:\Windows\gdfdata.dll
[2012.05.09 18:26:11 | 000,034,753 | ---- | C] () -- C:\Windows\data2.bin
[2012.05.09 18:26:08 | 001,771,424 | ---- | C] () -- C:\Windows\SH_NClient.dll
[2012.05.09 18:26:08 | 000,992,168 | ---- | C] () -- C:\Windows\MissionTerrain.dll
[2012.05.09 18:26:08 | 000,736,160 | ---- | C] () -- C:\Windows\SimData.dll
[2012.05.09 18:26:08 | 000,419,752 | ---- | C] () -- C:\Windows\grannyloader.dll
[2012.05.09 18:26:08 | 000,362,904 | ---- | C] () -- C:\Windows\kernel.dll
[2012.05.09 18:26:08 | 000,300,440 | ---- | C] () -- C:\Windows\Utils.dll
[2012.05.09 18:26:08 | 000,181,664 | ---- | C] () -- C:\Windows\GDSScene.dll
[2012.05.09 18:26:08 | 000,135,072 | ---- | C] () -- C:\Windows\DrawLib.dll
[2012.05.09 18:26:08 | 000,133,544 | ---- | C] () -- C:\Windows\MissionEngine.dll
[2012.05.09 18:26:08 | 000,124,328 | ---- | C] () -- C:\Windows\Plug_Behavior.dll
[2012.05.09 18:26:08 | 000,117,672 | ---- | C] () -- C:\Windows\AIFramework.dll
[2012.05.09 18:26:08 | 000,114,600 | ---- | C] () -- C:\Windows\GDSViewerCtrl.dll
[2012.05.09 18:26:08 | 000,095,672 | ---- | C] () -- C:\Windows\PropertyUserInterface.dll
[2012.05.09 18:26:08 | 000,083,368 | ---- | C] () -- C:\Windows\StateMachine.dll
[2012.05.09 18:26:08 | 000,081,320 | ---- | C] () -- C:\Windows\FileManager.dll
[2012.05.09 18:26:08 | 000,074,144 | ---- | C] () -- C:\Windows\MessageNet.dll
[2012.05.09 18:26:08 | 000,073,136 | ---- | C] () -- C:\Windows\GoblinEditorApp.exe
[2012.05.09 18:26:08 | 000,069,040 | ---- | C] () -- C:\Windows\MisTerrViewCtrl.dll
[2012.05.09 18:26:08 | 000,067,000 | ---- | C] () -- C:\Windows\ScriptManagerNative.dll
[2012.05.09 18:26:08 | 000,065,432 | ---- | C] () -- C:\Windows\zlib1.dll
[2012.05.09 18:26:08 | 000,051,624 | ---- | C] () -- C:\Windows\SH_NProtocol.dll
[2012.05.09 18:26:08 | 000,039,328 | ---- | C] () -- C:\Windows\property.dll
[2012.05.09 18:26:08 | 000,033,696 | ---- | C] () -- C:\Windows\Plug_Zones.dll
[2012.05.09 18:26:08 | 000,031,656 | ---- | C] () -- C:\Windows\Plug_Commons.dll
[2012.05.09 18:26:08 | 000,023,464 | ---- | C] () -- C:\Windows\LowLevelUtils.dll
[2012.05.09 18:26:08 | 000,014,240 | ---- | C] () -- C:\Windows\TuningTool.dll
[2012.04.01 12:06:24 | 000,000,366 | ---- | C] () -- C:\Windows\XIIIHooligans.ini
[2012.03.16 18:40:45 | 000,000,680 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.16 10:39:12 | 000,150,816 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2012.01.16 10:39:11 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2011.10.19 15:10:23 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\@
[2011.09.14 15:58:18 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\blckdom.res
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.27 21:45:55 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.01.10 14:49:52 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll
[2010.09.30 16:46:08 | 000,122,608 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.08.24 12:27:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.21 16:46:18 | 000,000,600 | ---- | C] () -- C:\Users\Besitzer\PUTTY.RND
[2009.02.06 20:14:00 | 000,049,664 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.09.14 15:58:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\5025
[2012.08.04 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\AirportMadness4
[2011.05.04 16:38:10 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Amazon
[2012.08.05 12:22:32 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Azureus
[2009.02.08 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools
[2010.11.09 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Lite
[2009.02.08 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Pro
[2012.08.08 18:08:15 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Dropbox
[2011.10.01 23:48:44 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoft
[2011.10.01 23:48:33 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.06 11:33:23 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\GrabPro
[2009.02.22 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Helios
[2012.02.23 23:49:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ
[2011.09.14 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\kock
[2010.03.13 20:09:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Leadertech
[2010.09.29 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\LolClient
[2012.03.05 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org
[2012.05.27 13:58:41 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Orbit
[2012.01.16 10:45:30 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\PDF Writer
[2009.02.20 20:45:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Red Alert 3
[2012.02.16 20:48:35 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sony
[2011.08.14 13:59:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\SpeedSim
[2012.08.06 00:05:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Spotify
[2010.10.11 14:35:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\temp
[2011.02.27 16:29:48 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\The Creative Assembly
[2009.02.10 17:09:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Thunderbird
[2012.03.14 00:05:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Tropico 3
[2012.06.27 19:42:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client
[2012.02.23 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TuneUp Software
[2009.06.29 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft
[2012.08.08 18:08:24 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\uTorrent
[2011.06.22 22:00:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\wargaming.net
[2010.01.05 03:06:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WordToPDF
[2012.05.14 17:12:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WOTModInstaller
[2012.05.14 17:12:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WoT_StartPack
[2011.09.14 15:58:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\xmldm
[2012.08.08 18:16:33 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.10.19 17:40:16 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D31A6BA-0F1A-4645-9F5B-77B0634D8E33}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

OTL Extras.txt
Code:

OTL Extras logfile created on: 08.08.2012 18:20:39 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = E:\DOWNLOADS
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,15% Memory free
8,16 Gb Paging File | 6,99 Gb Available in Paging File | 85,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 7,54 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive D: | 358,33 Gb Total Space | 145,16 Gb Free Space | 40,51% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 8,10 Gb Free Space | 16,59% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = CF 5D 18 51 78 32 CD 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{80D3CFFD-4CB5-47A1-8779-11A720A9ADB2}" = HP Deskjet D2600 Printer Driver Software 13.0 Rel .5
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1338
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Shop for HP Supplies" = Shop for HP Supplies
"Win2PDF_is1" = Win2PDF 7
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.1" = Update &1 für Spiel Men of War
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1A9C3B2E-360E-4353-8E17-312342E24194}" = Speed-Link SL-6535 USB Pad
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{203E564A-51E6-44E5-9DF9-8D0AD66E401D}" = DJ_SF_05_D2600_Software_Min
"{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = MOUSE Editor
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2CBE667E-1193-47DC-852E-2CB4747C12E3}" = Blazing Angels Squadrons of WWII
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{395AB8C5-F3A8-4380-8718-7A11EC5829F6}" = iCON 210
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775290AD-C54E-418C-9564-A10836F42C1C}" = D2600
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D085D60-7F9B-FA8C-EA39-A4558BF7CBE9}" = AirportMadness4
"{81224655-3922-439F-BBFE-51D9D46C6F5D}" = NETGEAR MA111v2 802.11b Wireless USB Adapter
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{94240445-6D61-4985-B240-9027DCA7193E}_is1" = Men of War: Red Tide (Remove Only)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D58206-7E8F-41F2-BD94-85009F3AEA28}" = NWZ-E460 WALKMAN Guide
"{A89FDE8E-91B5-4A09-AB00-5F4B5207B6D9}_is1" = Airport-Tower-Simulator 2012 Version 1.0
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B89933C8-E38D-44BE-B3DB-96657D11338F}" = Hooligans - Storm over Europe
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{de2f2d9c-53e2-40ee-8209-74da63cb060e}" = Python 3.0.1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF3E420F-2DCF-4C24-8E37-896801901031}" = Nero 7 Essentials
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.30
"AirportMadness4" = AirportMadness4
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BH - RT" = Blitzkrieg Anthology: BH - RT
"Blitzkrieg" = Blitzkrieg Anthology: Blitzkrieg
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo III" = Diablo III
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DokanLibrary" = Dokan Library 0.6.0
"EA Download Manager" = EA Download Manager
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"heroes in the sky" = heroes in the sky
"InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"InstallShield_{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = Mouse Editor
"InstallShield_{81224655-3922-439F-BBFE-51D9D46C6F5D}" = NETGEAR MA111v2 802.11b Wireless USB Adapter
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"JDownloader" = JDownloader
"La Plata SP Gold. for Anthology" = La Plata SP Gold. for Anthology 1.00a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"mIRC" = mIRC
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Natural Selection_is1" = Natural Selection 3.2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Orbit_is1" = Orbit Downloader
"PunkBusterSvc" = PunkBuster Services
"S4Uninst" = Die Siedler IV
"SopCast" = SopCast 3.2.4
"SpeedSim" = SpeedSim
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 10500" = Empire: Total War
"Steam App 10600" = Empire: Total War - Special Forces Unit
"Steam App 10601" = Empire: Total War - Dahomey Amazons Unit
"Steam App 30" = Day of Defeat
"Steam App 34030" = Napoleon: Total War
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 50130" = Mafia II
"Steam App 70" = Half-Life
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tropico3" = Tropico 3 1.00
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Veoh Web Player Beta" = Veoh Web Player
"Vuze" = Vuze
"Winamp" = Winamp
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"WordToPDF_is1" = WordToPDF 2.4
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.08.2012 12:09:35 | Computer Name = Brocks | Source = WinMgmt | ID = 10
Description =
 
Error - 08.08.2012 12:12:59 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7549a57d,  Prozess-ID 0xea8, Anwendungsstartzeit
 01cd7580aa132412.
 
Error - 08.08.2012 12:14:09 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7549a57d,  Prozess-ID 0xa48, Anwendungsstartzeit
 01cd7580d783d4d2.
 
Error - 08.08.2012 12:15:14 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7549a57d,  Prozess-ID 0x304, Anwendungsstartzeit
 01cd7580fe0836a2.
 
Error - 08.08.2012 12:16:19 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7549a57d,  Prozess-ID 0xfa0, Anwendungsstartzeit
 01cd758124bfb662.
 
Error - 08.08.2012 12:18:27 | Computer Name = Brocks | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 08.08.2012 12:19:41 | Computer Name = Brocks | Source = WinMgmt | ID = 10
Description =
 
Error - 08.08.2012 12:23:05 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7531a57d,  Prozess-ID 0xf98, Anwendungsstartzeit
 01cd7582135cf274.
 
Error - 08.08.2012 12:24:18 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7531a57d,  Prozess-ID 0xd30, Anwendungsstartzeit
 01cd7582425b57b4.
 
Error - 08.08.2012 12:25:23 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7531a57d,  Prozess-ID 0xe78, Anwendungsstartzeit
 01cd758268ded6f4.
 
Error - 08.08.2012 12:26:32 | Computer Name = Brocks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7531a57d,  Prozess-ID 0xefc, Anwendungsstartzeit
 01cd7582926cb7d4.
 
[ System Events ]
Error - 08.08.2012 12:09:36 | Computer Name = Brocks | Source = Service Control Manager | ID = 7023
Description =
 
Error - 08.08.2012 12:09:36 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
 
Error - 08.08.2012 12:09:36 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
 
Error - 08.08.2012 12:09:36 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
 
Error - 08.08.2012 12:09:36 | Computer Name = Brocks | Source = Service Control Manager | ID = 7026
Description =
 
Error - 08.08.2012 12:19:42 | Computer Name = Brocks | Source = Service Control Manager | ID = 7023
Description =
 
Error - 08.08.2012 12:19:42 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
 
Error - 08.08.2012 12:19:42 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
 
Error - 08.08.2012 12:19:42 | Computer Name = Brocks | Source = Service Control Manager | ID = 7003
Description =
 
Error - 08.08.2012 12:19:42 | Computer Name = Brocks | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

Malwarebytes
Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Besitzer :: **** [Administrator]

08.08.2012 18:39:38
mbam-log-2012-08-08 (18-42-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220101
Laufzeit: 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\000000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000032.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)


cosinus 15.08.2012 15:30

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all of the Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Granade 16.08.2012 21:09

Hi,
Thanks for the reply and your help!
I'll carry out your instructions tomorrow afternoon and post the results here.
Unfortunately I can't do it sooner, as I'm travelling this week!

Regards

Granade 19.08.2012 18:05

Hi, here are the requested scan results.
Malware
Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.19.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Besitzer :: ***** [Administrator]

19.08.2012 11:18:44
mbam-log-2012-08-19 (13-02-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 524719
Laufzeit: 1 Stunde(n), 34 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\000000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000032.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)

Eset
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6cc20a0a32537c4d9ab17d11894afe77
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-19 04:56:48
# local_time=2012-08-19 06:56:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 26345834 26345834 0 0
# compatibility_mode=5892 16776574 66 56 1288474 182898507 0 0
# compatibility_mode=8192 67108863 100 0 224 224 0 0
# scanned=317710
# found=5
# cleaned=0
# scan_time=20806
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\00000008.@        Win64/Agent.BA trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\000000cb.@        Win64/Conedex.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000000.@        Win64/Sirefef.AP trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000032.@        a variant of Win32/Sirefef.FD trojan (unable to clean)        00000000000000000000000000000000        I
${Memory}        a variant of Win32/Sirefef.EZ trojan        00000000000000000000000000000000        I


cosinus 20.08.2012 21:04

Quote:

Keine Aktion durchgeführt.
-> No action taken.
Please remove all of the Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Please do this now if you have not done so yet!

Do NOT hastily delete anything from the quarantine!

Granade 21.08.2012 17:33

Hi, I have already deleted the detections several times. They are always back again after a restart!

cosinus 30.08.2012 12:21

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Granade 31.08.2012 22:59

Hi Cosinus,

attached is the log.

Regards

Code:

# AdwCleaner v2.000 - Datei am 08/31/2012 um 23:55:28 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Besitzer - ******
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Besitzer\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\e9xqhlp5.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Windows\Utils.dll
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\Winload
Ordner Gefunden : C:\Users\Besitzer\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Besitzer\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Besitzer\AppData\LocalLow\Winload
Ordner Gefunden : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\e9xqhlp5.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gefunden : HKLM\Software\Orbit\OpenCandy
Schlüssel Gefunden : HKLM\Software\Winload
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{795A7172-6CC0-47E2-9D06-99D32F9879A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8213B672-89AE-4FC3-8072-D63B37789907}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C058A63F-E3D9-4720-8219-F53C6843D5A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gefunden : HKU\S-1-5-21-1030270869-327165798-2241316676-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-1030270869-327165798-2241316676-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6002.18005

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\e9xqhlp5.default\prefs.js

Gefunden : user_pref("CT2319825.1000082.isPlayDisplay", "true");
Gefunden : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...]
Gefunden : user_pref("CT2319825.1000234.TWC_TMP_city", "BERLIN");
Gefunden : user_pref("CT2319825.1000234.TWC_TMP_country", "DE");
Gefunden : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT2319825.FirstTime", "true");
Gefunden : user_pref("CT2319825.FirstTimeFF3", "true");
Gefunden : user_pref("CT2319825.ID", "48182593");
Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gefunden : user_pref("CT2319825.UserID", "UN79165558367881938");
Gefunden : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Gefunden : user_pref("CT2319825.autoDisableScopes", -1);
Gefunden : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Gefunden : user_pref("CT2319825.defaultSearch", "true");
Gefunden : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...]
Gefunden : user_pref("CT2319825.enableAlerts", "always");
Gefunden : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Gefunden : user_pref("CT2319825.firstTimeDialogOpened", "true");
Gefunden : user_pref("CT2319825.fixPageNotFoundError", "true");
Gefunden : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Gefunden : user_pref("CT2319825.fixUrls", true);
Gefunden : user_pref("CT2319825.installId", "ConduitNSISIntegration");
Gefunden : user_pref("CT2319825.installType", "ConduitNSISIntegration");
Gefunden : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2319825.isNewTabEnabled", true);
Gefunden : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Gefunden : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT2319825.keyword", true);
Gefunden : user_pref("CT2319825.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.spiegel.de%2[...]
Gefunden : user_pref("CT2319825.openThankYouPage", "false");
Gefunden : user_pref("CT2319825.openUninstallPage", "true");
Gefunden : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Gefunden : user_pref("CT2319825.search.searchCount", "0");
Gefunden : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Gefunden : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gefunden : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344103761988");
Gefunden : user_pref("CT2319825.serviceLayer_services_appTracking_lastUpdate", "1344103764604");
Gefunden : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1344103761983");
Gefunden : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344103763565");
Gefunden : user_pref("CT2319825.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344103764443");
Gefunden : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344103763607");
Gefunden : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1344103760883");
Gefunden : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1344103760709");
Gefunden : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344103763588");
Gefunden : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1344103760845");
Gefunden : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1344103761975");
Gefunden : user_pref("CT2319825.settingsINI", true);
Gefunden : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Gefunden : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Gefunden : user_pref("CT2319825.smartbar.Uninstall", "0");
Gefunden : user_pref("CT2319825.smartbar.homepage", true);
Gefunden : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Gefunden : user_pref("CT2319825.toolbarBornServerTime", "4-8-2012");
Gefunden : user_pref("CT2319825.toolbarCurrentServerTime", "4-8-2012");
Gefunden : user_pref("CT2319825.toolbarDisabled", "true");
Gefunden : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=1[...]
Gefunden : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search");
Gefunden : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825[...]
Gefunden : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825");
Gefunden : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Gefunden : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...]
Gefunden : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2");
Gefunden : user_pref("extensions.veohsearchrecs.id", "ed5d2a2cb-eece-cdbe-d643-e5425bee755");
Gefunden : user_pref("extensions.veohsearchrecs.lastsitedate", "29");
Gefunden : user_pref("extensions.veohsearchrecs.veohenabled", "false");
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=[...]

*************************

AdwCleaner[R1].txt - [10422 octets] - [31/08/2012 23:55:28]

########## EOF - C:\AdwCleaner[R1].txt - [10483 octets] ##########


cosinus 01.09.2012 10:42

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Granade 01.09.2012 12:11

Hi,
Code:

# AdwCleaner v2.000 - Datei am 09/01/2012 um 12:54:47 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Besitzer - *****
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Besitzer\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\e9xqhlp5.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Windows\Utils.dll
Gelöscht mit Neustart : C:\Program Files (x86)\Conduit
Gelöscht mit Neustart : C:\Program Files (x86)\Winload
Gelöscht mit Neustart : C:\Users\Besitzer\AppData\Local\Conduit
Gelöscht mit Neustart : C:\Users\Besitzer\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Besitzer\AppData\LocalLow\Winload
Gelöscht mit Neustart : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\e9xqhlp5.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKLM\Software\Orbit\OpenCandy
Schlüssel Gelöscht : HKLM\Software\Winload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{795A7172-6CC0-47E2-9D06-99D32F9879A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8213B672-89AE-4FC3-8072-D63B37789907}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C058A63F-E3D9-4720-8219-F53C6843D5A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : HKU\S-1-5-21-1030270869-327165798-2241316676-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6002.18005

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-1030270869-327165798-2241316676-1002\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\e9xqhlp5.default\prefs.js

C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\e9xqhlp5.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2319825.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...]
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_city", "BERLIN");
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2319825.FirstTime", "true");
Gelöscht : user_pref("CT2319825.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2319825.ID", "48182593");
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gelöscht : user_pref("CT2319825.UserID", "UN79165558367881938");
Gelöscht : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.autoDisableScopes", -1);
Gelöscht : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2319825.defaultSearch", "true");
Gelöscht : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2319825.enableAlerts", "always");
Gelöscht : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2319825.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2319825.fixUrls", true);
Gelöscht : user_pref("CT2319825.installId", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.installType", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.isNewTabEnabled", true);
Gelöscht : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2319825.keyword", true);
Gelöscht : user_pref("CT2319825.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.spiegel.de%2[...]
Gelöscht : user_pref("CT2319825.openThankYouPage", "false");
Gelöscht : user_pref("CT2319825.openUninstallPage", "true");
Gelöscht : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Gelöscht : user_pref("CT2319825.search.searchCount", "0");
Gelöscht : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344103761988");
Gelöscht : user_pref("CT2319825.serviceLayer_services_appTracking_lastUpdate", "1344103764604");
Gelöscht : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1344103761983");
Gelöscht : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344103763565");
Gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344103764443");
Gelöscht : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344103763607");
Gelöscht : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1344103760883");
Gelöscht : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1344103760709");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344103763588");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1344103760845");
Gelöscht : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1344103761975");
Gelöscht : user_pref("CT2319825.settingsINI", true);
Gelöscht : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Gelöscht : user_pref("CT2319825.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2319825.smartbar.homepage", true);
Gelöscht : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Gelöscht : user_pref("CT2319825.toolbarBornServerTime", "4-8-2012");
Gelöscht : user_pref("CT2319825.toolbarCurrentServerTime", "4-8-2012");
Gelöscht : user_pref("CT2319825.toolbarDisabled", "true");
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825");
Gelöscht : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Gelöscht : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...]
Gelöscht : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2");
Gelöscht : user_pref("extensions.veohsearchrecs.id", "ed5d2a2cb-eece-cdbe-d643-e5425bee755");
Gelöscht : user_pref("extensions.veohsearchrecs.lastsitedate", "29");
Gelöscht : user_pref("extensions.veohsearchrecs.veohenabled", "false");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=[...]

*************************

AdwCleaner[S1].txt - [11181 octets] - [01/09/2012 12:54:47]

########## EOF - C:\AdwCleaner[S1].txt - [11242 octets] ##########


cosinus 01.09.2012 12:48

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Granade 06.09.2012 21:42

Hi,
sorry for the late reply. Here is the OTL log:

OTL Logfile:
Code:

OTL logfile created on: 06.09.2012 21:35:47 - Run 2
OTL by OldTimer - Version 3.2.61.0    Folder = C:\Users\Besitzer\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,74% Memory free
8,22 Gb Paging File | 6,93 Gb Available in Paging File | 84,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 7,62 Gb Free Space | 13,00% Space Free | Partition Type: NTFS
Drive D: | 358,33 Gb Total Space | 144,91 Gb Free Space | 40,44% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 11,95 Gb Free Space | 24,48% Space Free | Partition Type: NTFS
 
Computer Name: ****** | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.06 21:34:34 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL(1).exe
PRC - [2012.08.31 23:59:17 | 001,193,176 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.09 21:33:33 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 08:58:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 08:58:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.01.10 14:49:52 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
PRC - [2009.02.18 19:20:07 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.31 23:59:17 | 001,193,176 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2009.04.10 23:28:24 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.09.01 10:44:34 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.16 19:31:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.05.09 08:58:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 08:58:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.01.12 10:44:32 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.01.10 14:49:52 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 19:20:07 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2007.12.20 01:04:00 | 000,364,544 | R--- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.09 08:58:28 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 08:58:28 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.01.10 14:51:40 | 000,120,408 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV:64bit: - [2010.11.09 18:59:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.06.29 17:33:30 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.06.29 17:33:29 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2008.11.18 17:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtstusbser_64.sys -- (gtstusbser_64)
DRV:64bit: - [2008.02.14 08:56:14 | 000,160,768 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.01.21 04:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008.01.21 04:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007.04.23 14:15:48 | 000,031,016 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\rtlprot.sys -- (RtlProt)
DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2006.09.18 23:27:33 | 000,055,640 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2006.07.11 09:32:40 | 000,052,120 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfsync03.sys -- (sfsync03)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2012.02.01 14:24:02 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.02.04 12:59:34 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2008.11.18 17:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\gtstusbser_64.sys -- (gtstusbser_64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1000\..\SearchScopes\{65008CED-E5F6-4583-92DF-63632298B982}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.prisma-ct.com/
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\..\SearchScopes\{65008CED-E5F6-4583-92DF-63632298B982}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledAddons: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledAddons: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledAddons: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: E:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: E:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.14 10:13:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Besitzer\AppData\Roaming\5025 [2011.09.14 15:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: E:\Programme\Firefox\components [2012.09.01 10:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: E:\Programme\Firefox\plugins [2012.03.05 14:45:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.14 10:13:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Besitzer\AppData\Roaming\5025 [2011.09.14 15:58:22 | 000,000,000 | ---D | M]
 
[2009.02.06 18:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions
[2012.08.04 20:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions
[2010.06.14 16:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.21 16:49:27 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.08.01 21:16:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.23 16:59:09 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\firefox@tvunetworks.com
[2010.05.26 22:06:19 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\illimitux@illimitux.net
[2010.02.14 18:38:25 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\e9xqhlp5.default\extensions\searchrecs@veoh.com
[2012.08.04 14:25:23 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\e9xqhlp5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.09.14 15:58:22 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BESITZER\APPDATA\ROAMING\5025
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O3 - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1030270869-327165798-2241316676-1000..\Run: [Spotify Web Helper] C:\Users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-1030270869-327165798-2241316676-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-1030270869-327165798-2241316676-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1030270869-327165798-2241316676-1002..\Run: [Spotify Web Helper] C:\Users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-1030270869-327165798-2241316676-1002..\Run: [uTorrent] E:\Programme\utorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1030270869-327165798-2241316676-1002..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1030270869-327165798-2241316676-1002..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1030270869-327165798-2241316676-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8:64bit: - Extra context menu item: &Download by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Download by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - E:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programme\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EAE83B7-8094-4692-A9E6-3A97A46A9E38}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B58B8DD-8186-42F4-B143-79CB626579D5}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EFDA025-EAD5-4794-8B5F-26A3AF6E4D2B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D43118-0F76-4CE2-8698-5585CB5C8AB5}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAF0B3C3-A88A-4957-8ADF-B13D20A35A6F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1030270869-327165798-2241316676-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1030270869-327165798-2241316676-1000 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1030270869-327165798-2241316676-1002 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1030270869-327165798-2241316676-1002 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\Shell - "" = AutoRun
O33 - MountPoints2\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\Diablo III Setup.exe"
O33 - MountPoints2\{33517676-6a73-11df-b509-001fd0a136cb}\Shell - "" = AutoRun
O33 - MountPoints2\{33517676-6a73-11df-b509-001fd0a136cb}\Shell\AutoRun\command - "" = J:\QsSetup.exe
O33 - MountPoints2\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\Shell - "" = AutoRun
O33 - MountPoints2\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{5b4480e5-f996-11de-a893-001fd0a136cb}\Shell\AutoRun\command - "" = c2e.exe
O33 - MountPoints2\{5b4480e5-f996-11de-a893-001fd0a136cb}\Shell\open\Command - "" = c2e.exe
O33 - MountPoints2\{b18640d1-5c62-11df-9658-001fd0a136cb}\Shell - "" = AutoRun
O33 - MountPoints2\{b18640d1-5c62-11df-9658-001fd0a136cb}\Shell\AutoRun\command - "" = G:\QsSetup.exe
O33 - MountPoints2\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\Shell - "" = AutoRun
O33 - MountPoints2\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\Shell\setup\command - "" = H:\setup.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\QsSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - C:\Windows\SysWOW64\wbem\mpssvc.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.06 21:34:48 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL(1).exe
[2012.08.17 15:51:26 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oberon Media
[2012.08.17 15:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oberon Media
[2012.08.17 15:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.06 21:36:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.06 21:34:34 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL(1).exe
[2012.09.06 21:31:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.06 21:09:57 | 001,418,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.06 21:09:57 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.06 21:09:57 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.06 21:09:57 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.06 21:09:57 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.06 21:03:16 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.06 21:03:15 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 21:03:15 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 21:03:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 23:54:59 | 000,511,265 | ---- | M] () -- C:\Users\Besitzer\Desktop\adwcleaner.exe
[2012.08.08 19:55:11 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.05 19:49:30 | 000,090,624 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000032.@
[2012.09.05 19:49:30 | 000,077,824 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000064.@
[2012.09.01 12:54:34 | 000,511,265 | ---- | C] () -- C:\Users\Besitzer\Desktop\adwcleaner.exe
[2012.08.19 19:44:50 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\00000008.@
[2012.08.19 19:44:27 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\000000cb.@
[2012.08.08 23:06:27 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\80000000.@
[2012.08.08 23:06:26 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U\00000004.@
[2012.08.06 21:22:05 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\L\00000004.@
[2012.05.15 10:14:37 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.05.15 10:14:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.05.15 10:13:27 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.05.09 18:26:11 | 001,368,464 | ---- | C] () -- C:\Windows\gdfdata.dll
[2012.05.09 18:26:11 | 000,034,753 | ---- | C] () -- C:\Windows\data2.bin
[2012.05.09 18:26:08 | 001,771,424 | ---- | C] () -- C:\Windows\SH_NClient.dll
[2012.05.09 18:26:08 | 000,992,168 | ---- | C] () -- C:\Windows\MissionTerrain.dll
[2012.05.09 18:26:08 | 000,736,160 | ---- | C] () -- C:\Windows\SimData.dll
[2012.05.09 18:26:08 | 000,419,752 | ---- | C] () -- C:\Windows\grannyloader.dll
[2012.05.09 18:26:08 | 000,362,904 | ---- | C] () -- C:\Windows\kernel.dll
[2012.05.09 18:26:08 | 000,181,664 | ---- | C] () -- C:\Windows\GDSScene.dll
[2012.05.09 18:26:08 | 000,135,072 | ---- | C] () -- C:\Windows\DrawLib.dll
[2012.05.09 18:26:08 | 000,133,544 | ---- | C] () -- C:\Windows\MissionEngine.dll
[2012.05.09 18:26:08 | 000,124,328 | ---- | C] () -- C:\Windows\Plug_Behavior.dll
[2012.05.09 18:26:08 | 000,117,672 | ---- | C] () -- C:\Windows\AIFramework.dll
[2012.05.09 18:26:08 | 000,114,600 | ---- | C] () -- C:\Windows\GDSViewerCtrl.dll
[2012.05.09 18:26:08 | 000,095,672 | ---- | C] () -- C:\Windows\PropertyUserInterface.dll
[2012.05.09 18:26:08 | 000,083,368 | ---- | C] () -- C:\Windows\StateMachine.dll
[2012.05.09 18:26:08 | 000,081,320 | ---- | C] () -- C:\Windows\FileManager.dll
[2012.05.09 18:26:08 | 000,074,144 | ---- | C] () -- C:\Windows\MessageNet.dll
[2012.05.09 18:26:08 | 000,073,136 | ---- | C] () -- C:\Windows\GoblinEditorApp.exe
[2012.05.09 18:26:08 | 000,069,040 | ---- | C] () -- C:\Windows\MisTerrViewCtrl.dll
[2012.05.09 18:26:08 | 000,067,000 | ---- | C] () -- C:\Windows\ScriptManagerNative.dll
[2012.05.09 18:26:08 | 000,065,432 | ---- | C] () -- C:\Windows\zlib1.dll
[2012.05.09 18:26:08 | 000,051,624 | ---- | C] () -- C:\Windows\SH_NProtocol.dll
[2012.05.09 18:26:08 | 000,039,328 | ---- | C] () -- C:\Windows\property.dll
[2012.05.09 18:26:08 | 000,033,696 | ---- | C] () -- C:\Windows\Plug_Zones.dll
[2012.05.09 18:26:08 | 000,031,656 | ---- | C] () -- C:\Windows\Plug_Commons.dll
[2012.05.09 18:26:08 | 000,023,464 | ---- | C] () -- C:\Windows\LowLevelUtils.dll
[2012.05.09 18:26:08 | 000,014,240 | ---- | C] () -- C:\Windows\TuningTool.dll
[2012.04.01 12:06:24 | 000,000,366 | ---- | C] () -- C:\Windows\XIIIHooligans.ini
[2012.03.16 18:40:45 | 000,000,680 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.16 10:39:12 | 000,150,816 | ---- | C] () -- C:\Windows\SysWow64\WIN2PDFS.DLL
[2012.01.16 10:39:11 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2011.10.19 15:10:23 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\@
[2011.09.14 15:58:18 | 000,000,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\blckdom.res
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.27 21:45:55 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.01.10 14:49:52 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll
[2010.09.30 16:46:08 | 000,122,608 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.03.21 16:46:18 | 000,000,600 | ---- | C] () -- C:\Users\Besitzer\PUTTY.RND
[2009.02.06 20:14:00 | 000,049,664 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2011.09.14 15:58:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\5025
[2012.08.04 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\AirportMadness4
[2011.05.04 16:38:10 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Amazon
[2012.08.05 12:22:32 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Azureus
[2009.02.08 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools
[2010.11.09 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Lite
[2009.02.08 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Pro
[2012.08.08 18:08:15 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Dropbox
[2011.10.01 23:48:44 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoft
[2011.10.01 23:48:33 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.06 11:33:23 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\GrabPro
[2009.02.22 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Helios
[2012.02.23 23:49:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ
[2011.09.14 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\kock
[2010.03.13 20:09:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Leadertech
[2010.09.29 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\LolClient
[2012.03.05 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org
[2012.08.10 22:53:51 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Orbit
[2012.01.16 10:45:30 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\PDF Writer
[2009.02.20 20:45:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Red Alert 3
[2012.02.16 20:48:35 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sony
[2011.08.14 13:59:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\SpeedSim
[2012.08.31 23:59:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Spotify
[2010.10.11 14:35:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\temp
[2011.02.27 16:29:48 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\The Creative Assembly
[2009.02.10 17:09:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Thunderbird
[2012.03.14 00:05:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Tropico 3
[2012.06.27 19:42:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client
[2012.02.23 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TuneUp Software
[2009.06.29 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft
[2012.08.08 18:08:24 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\uTorrent
[2011.06.22 22:00:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\wargaming.net
[2010.01.05 03:06:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WordToPDF
[2012.05.14 17:12:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WOTModInstaller
[2012.05.14 17:12:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WoT_StartPack
[2011.09.14 15:58:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\xmldm
[2012.09.05 23:19:43 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.10.19 17:40:16 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D31A6BA-0F1A-4645-9F5B-77B0634D8E33}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.14 15:58:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\5025
[2010.03.13 20:12:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Adobe
[2009.02.05 09:48:14 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ahead
[2012.08.04 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\AirportMadness4
[2011.05.04 16:38:10 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Amazon
[2011.10.19 14:53:25 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Avira
[2012.08.05 12:22:32 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Azureus
[2009.02.25 15:54:24 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\CyberLink
[2009.02.08 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools
[2010.11.09 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Lite
[2009.02.08 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Pro
[2010.09.29 11:37:49 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DivX
[2012.08.08 18:08:15 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Dropbox
[2011.10.01 23:48:44 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoft
[2011.10.01 23:48:33 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.06 11:33:23 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\GrabPro
[2009.02.22 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Helios
[2010.06.14 10:23:19 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\HP
[2012.03.15 10:16:38 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\HpUpdate
[2012.02.23 23:49:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ
[2009.02.04 14:36:24 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Identities
[2012.02.23 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\InstallShield
[2011.09.14 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\kock
[2010.03.13 20:09:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Leadertech
[2010.09.29 18:23:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\LolClient
[2009.02.06 14:55:32 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Macromedia
[2012.05.26 18:19:16 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Media Center Programs
[2012.08.07 20:49:55 | 000,000,000 | --SD | M] -- C:\Users\Besitzer\AppData\Roaming\Microsoft
[2012.08.05 23:05:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Microsoft Games
[2009.11.11 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\mIRC
[2009.02.10 17:09:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mozilla
[2012.08.08 19:57:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\NVIDIA
[2012.03.05 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org
[2012.08.10 22:53:51 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Orbit
[2012.01.16 10:45:30 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\PDF Writer
[2011.03.27 21:23:14 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Real
[2009.02.20 20:45:39 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Red Alert 3
[2009.02.08 18:01:16 | 000,000,000 | RH-D | M] -- C:\Users\Besitzer\AppData\Roaming\SecuROM
[2012.06.16 15:11:47 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Skype
[2012.02.16 20:48:35 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sony
[2012.02.16 20:49:25 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sony Corporation
[2011.08.14 13:59:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\SpeedSim
[2012.08.31 23:59:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Spotify
[2009.02.10 17:09:36 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Talkback
[2009.07.24 22:17:01 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\teamspeak2
[2010.10.11 14:35:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\temp
[2011.02.27 16:29:48 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\The Creative Assembly
[2009.02.10 17:09:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Thunderbird
[2012.03.14 00:05:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Tropico 3
[2012.06.27 19:42:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client
[2012.02.23 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TuneUp Software
[2009.06.29 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft
[2012.08.08 18:08:24 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\uTorrent
[2011.06.22 22:00:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\wargaming.net
[2012.02.24 21:00:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Winamp
[2009.02.08 18:24:18 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinRAR
[2010.01.05 03:06:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WordToPDF
[2012.05.14 17:12:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WOTModInstaller
[2012.05.14 17:12:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WoT_StartPack
[2011.09.14 15:58:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.01.31 10:25:55 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Besitzer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.06.18 14:10:42 | 003,082,400 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.12.16 21:25:21 | 000,348,160 | ---- | M] (Octoshape ApS) -- C:\Users\Besitzer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2012.08.31 23:59:18 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\Besitzer\AppData\Roaming\Spotify\spotify.exe
[2012.08.31 23:59:18 | 000,114,904 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012.08.31 23:59:17 | 001,193,176 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

--- --- ---
[/code]

cosinus 07.09.2012 10:14

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
O3 - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1030270869-327165798-2241316676-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1030270869-327165798-2241316676-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\Shell - "" = AutoRun
O33 - MountPoints2\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\Diablo III Setup.exe"
O33 - MountPoints2\{33517676-6a73-11df-b509-001fd0a136cb}\Shell - "" = AutoRun
O33 - MountPoints2\{33517676-6a73-11df-b509-001fd0a136cb}\Shell\AutoRun\command - "" = J:\QsSetup.exe
O33 - MountPoints2\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\Shell - "" = AutoRun
O33 - MountPoints2\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{5b4480e5-f996-11de-a893-001fd0a136cb}\Shell\AutoRun\command - "" = c2e.exe
O33 - MountPoints2\{5b4480e5-f996-11de-a893-001fd0a136cb}\Shell\open\Command - "" = c2e.exe
O33 - MountPoints2\{b18640d1-5c62-11df-9658-001fd0a136cb}\Shell - "" = AutoRun
O33 - MountPoints2\{b18640d1-5c62-11df-9658-001fd0a136cb}\Shell\AutoRun\command - "" = G:\QsSetup.exe
O33 - MountPoints2\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\Shell - "" = AutoRun
O33 - MountPoints2\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\Shell\setup\command - "" = H:\setup.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\QsSetup.exe
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Files
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}
C:\Users\Besitzer\AppData\Roaming\50??
C:\Users\Besitzer\AppData\Roaming\kock
C:\Users\Besitzer\AppData\Roaming\UAs
C:\Users\Besitzer\AppData\Roaming\xmldm
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Granade 07.09.2012 13:51

Hi,
it's looking pretty good already. Malwarebytes and Antivir no longer report any detections.

Code:

All processes killed
========== OTL ==========
Prefs.js: searchrecs@veoh.com:1.5.2 removed from extensions.enabledItems
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_USERS\S-1-5-21-1030270869-327165798-2241316676-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1030270869-327165798-2241316676-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1030270869-327165798-2241316676-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{040c36de-f618-11dd-9fe6-001c4afb1eb1}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2924aa87-f2a0-11dd-a264-806e6f6e6963}\ not found.
File "F:\Diablo III Setup.exe" not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33517676-6a73-11df-b509-001fd0a136cb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33517676-6a73-11df-b509-001fd0a136cb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33517676-6a73-11df-b509-001fd0a136cb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33517676-6a73-11df-b509-001fd0a136cb}\ not found.
File J:\QsSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3542e24a-f466-11dd-bfbd-001fd0a136cb}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b4480e5-f996-11de-a893-001fd0a136cb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b4480e5-f996-11de-a893-001fd0a136cb}\ not found.
File c2e.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b4480e5-f996-11de-a893-001fd0a136cb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5b4480e5-f996-11de-a893-001fd0a136cb}\ not found.
File c2e.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b18640d1-5c62-11df-9658-001fd0a136cb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b18640d1-5c62-11df-9658-001fd0a136cb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b18640d1-5c62-11df-9658-001fd0a136cb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b18640d1-5c62-11df-9658-001fd0a136cb}\ not found.
File G:\QsSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d14e2a7f-ec22-11df-9344-001fd0a136cb}\ not found.
File H:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\QsSetup.exe not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\U folder moved successfully.
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc}\L folder moved successfully.
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc} folder moved successfully.
C:\Users\Besitzer\AppData\Roaming\5025\components folder moved successfully.
C:\Users\Besitzer\AppData\Roaming\5025 folder moved successfully.
C:\Users\Besitzer\AppData\Roaming\kock folder moved successfully.
File\Folder C:\Users\Besitzer\AppData\Roaming\UAs not found.
C:\Users\Besitzer\AppData\Roaming\xmldm folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Besitzer\Desktop\cmd.bat deleted successfully.
C:\Users\Besitzer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Besitzer
->Temp folder emptied: 83511215 bytes
->Temporary Internet Files folder emptied: 636810 bytes
->Java cache emptied: 96485315 bytes
->FireFox cache emptied: 603850359 bytes
->Flash cache emptied: 4421010 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sam
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 691869 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 22453588 bytes
 
Total Files Cleaned = 775,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Besitzer
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sam
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.0 log created on 09072012_144206

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
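
A triage pass over the fix log above, as an added example that is not part of the original posts and not OTL's own code: it sorts each result line into removed, not found, or pending until reboot, so that leftover work (here the Hosts file move) stands out. The outcome names and the regular expressions are assumptions derived only from the line shapes visible in this log.

```python
import re
from collections import Counter

# Excerpt of the fix log posted above (lines copied from this thread).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Prefs.js: "localhost" removed from network.proxy.http
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
File H:\autorun.exe not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
C:\Windows\Installer\{8d85f97b-1311-281b-17d2-05b2700438bc} folder moved successfully.
File\Folder C:\Users\Besitzer\AppData\Roaming\UAs not found.
C:\Users\Besitzer\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
->Temp folder emptied: 83511215 bytes
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
"""

SECTION = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")

# Order matters: the "pending" shape is tested first so that a failed move
# is never counted as a completed one. Outcome names are hypothetical labels.
RULES = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<item>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value) |File\\Folder |File )?(?P<item>.+?) not found\.$")),
    ("removed", re.compile(
        r"^(?:Registry (?:key|value) |ADS )?(?P<item>.+?)(?: folder)? "
        r"(?:deleted|moved) successfully\.$")),
    ("removed", re.compile(r"^Prefs\.js: .+ removed from (?P<item>.+)$")),
]


def parse_fix_log(text):
    """Return (section, outcome, item) tuples for every recognised result line."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        for outcome, pattern in RULES:
            match = pattern.match(line)
            if match:
                entries.append((section, outcome, match.group("item")))
                break
        # Unrecognised lines (cache sizes, banners) are skipped on purpose.
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return Counter(outcome for _, outcome, _ in entries)


def needs_followup(entries):
    """Items whose change only takes effect after a restart and should be re-checked."""
    return [item for _, outcome, item in entries if outcome == "pending_reboot"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for outcome, count in sorted(summarize(parsed).items()):
        print(f"{outcome:15} {count}")
    for item in needs_followup(parsed):
        print("re-check after reboot:", item)
```

In this excerpt the log reports the HOSTS reset as successful while the underlying file move is still pending, so the Hosts file is the one item to verify after the restart.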


cosinus 10.09.2012 11:53

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please don't hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Granade 14.09.2012 16:28

Hi, here is the log:

Code:

17:24:26.0380 3612  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:24:26.0410 3612  ============================================================
17:24:26.0410 3612  Current date / time: 2012/09/14 17:24:26.0410
17:24:26.0410 3612  SystemInfo:
17:24:26.0410 3612 
17:24:26.0410 3612  OS Version: 6.0.6002 ServicePack: 2.0
17:24:26.0410 3612  Product type: Workstation
17:24:26.0410 3612  ComputerName: ******
17:24:26.0410 3612  UserName: Besitzer
17:24:26.0410 3612  Windows directory: C:\Windows
17:24:26.0410 3612  System windows directory: C:\Windows
17:24:26.0410 3612  Running under WOW64
17:24:26.0410 3612  Processor architecture: Intel x64
17:24:26.0410 3612  Number of processors: 4
17:24:26.0410 3612  Page size: 0x1000
17:24:26.0410 3612  Boot type: Normal boot
17:24:26.0410 3612  ============================================================
17:24:27.0140 3612  Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:24:27.0140 3612  ============================================================
17:24:27.0140 3612  \Device\Harddisk0\DR0:
17:24:27.0140 3612  MBR partitions:
17:24:27.0140 3612  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7530000
17:24:27.0160 3612  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7531000, BlocksNum 0x2CCAB800
17:24:27.0170 3612  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x341DD000, BlocksNum 0x61A7800
17:24:27.0170 3612  ============================================================
17:24:27.0210 3612  C: <-> \Device\Harddisk0\DR0\Partition1
17:24:27.0250 3612  D: <-> \Device\Harddisk0\DR0\Partition2
17:24:27.0280 3612  E: <-> \Device\Harddisk0\DR0\Partition3
17:24:27.0280 3612  ============================================================
17:24:27.0280 3612  Initialize success
17:24:27.0280 3612  ============================================================
17:25:21.0808 1908  ============================================================
17:25:21.0808 1908  Scan started
17:25:21.0808 1908  Mode: Manual; SigCheck; TDLFS;
17:25:21.0808 1908  ============================================================
17:25:22.0338 1908  ================ Scan system memory ========================
17:25:22.0338 1908  System memory - ok
17:25:22.0338 1908  ================ Scan services =============================
17:25:22.0447 1908  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:25:22.0541 1908  ACPI - ok
17:25:22.0650 1908  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:25:22.0666 1908  AdobeFlashPlayerUpdateSvc - ok
17:25:22.0728 1908  [ F14215E37CF124104575073F782111D2 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
17:25:22.0744 1908  adp94xx - ok
17:25:22.0775 1908  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci        C:\Windows\system32\drivers\adpahci.sys
17:25:22.0791 1908  adpahci - ok
17:25:22.0806 1908  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:25:22.0822 1908  adpu160m - ok
17:25:22.0822 1908  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
17:25:22.0837 1908  adpu320 - ok
17:25:22.0869 1908  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
17:25:22.0900 1908  AeLookupSvc - ok
17:25:22.0931 1908  [ 0CC146C4ADDEA45791B18B1E2659F4A9 ] AFD            C:\Windows\system32\drivers\afd.sys
17:25:22.0962 1908  AFD - ok
17:25:22.0978 1908  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:25:22.0993 1908  agp440 - ok
17:25:23.0009 1908  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
17:25:23.0025 1908  aic78xx - ok
17:25:23.0056 1908  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG            C:\Windows\System32\alg.exe
17:25:23.0181 1908  ALG - ok
17:25:23.0196 1908  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:25:23.0212 1908  aliide - ok
17:25:23.0212 1908  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
17:25:23.0227 1908  amdide - ok
17:25:23.0243 1908  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
17:25:23.0274 1908  AmdK8 - ok
17:25:23.0368 1908  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:25:23.0383 1908  AntiVirSchedulerService - ok
17:25:23.0415 1908  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:25:23.0415 1908  AntiVirService - ok
17:25:23.0430 1908  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo        C:\Windows\System32\appinfo.dll
17:25:23.0461 1908  Appinfo - ok
17:25:23.0477 1908  [ BA8417D4765F3988FF921F30F630E303 ] arc            C:\Windows\system32\drivers\arc.sys
17:25:23.0493 1908  arc - ok
17:25:23.0493 1908  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:25:23.0508 1908  arcsas - ok
17:25:23.0524 1908  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:25:23.0571 1908  AsyncMac - ok
17:25:23.0586 1908  [ E68D9B3A3905619732F7FE039466A623 ] atapi          C:\Windows\system32\drivers\atapi.sys
17:25:23.0602 1908  atapi - ok
17:25:23.0617 1908  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
17:25:23.0664 1908  atksgt - ok
17:25:23.0695 1908  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:25:23.0727 1908  AudioEndpointBuilder - ok
17:25:23.0727 1908  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:25:23.0758 1908  AudioSrv - ok
17:25:23.0773 1908  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:25:23.0789 1908  avgntflt - ok
17:25:23.0805 1908  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:25:23.0805 1908  avipbb - ok
17:25:23.0836 1908  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:25:23.0836 1908  avkmgr - ok
17:25:23.0867 1908  [ B5AB073A8EAA0024DFE4D6E2F7AC2924 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
17:25:23.0898 1908  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
17:25:23.0898 1908  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
17:25:23.0914 1908  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\Windows\system32\drivers\avmeject.sys
17:25:23.0929 1908  avmeject - ok
17:25:23.0945 1908  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:25:23.0976 1908  blbdrive - ok
17:25:23.0976 1908  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:25:24.0007 1908  bowser - ok
17:25:24.0023 1908  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:25:24.0039 1908  BrFiltLo - ok
17:25:24.0070 1908  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:25:24.0085 1908  BrFiltUp - ok
17:25:24.0101 1908  [ A1B39DE453433B115B4EA69EE0343816 ] Browser        C:\Windows\System32\browser.dll
17:25:24.0148 1908  Browser - ok
17:25:24.0163 1908  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid        C:\Windows\system32\drivers\brserid.sys
17:25:24.0288 1908  Brserid - ok
17:25:24.0304 1908  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:25:24.0366 1908  BrSerWdm - ok
17:25:24.0382 1908  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:25:24.0444 1908  BrUsbMdm - ok
17:25:24.0475 1908  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:25:24.0538 1908  BrUsbSer - ok
17:25:24.0538 1908  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:25:24.0600 1908  BTHMODEM - ok
17:25:24.0616 1908  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:25:24.0647 1908  cdfs - ok
17:25:24.0663 1908  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
17:25:24.0694 1908  cdrom - ok
17:25:24.0709 1908  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc    C:\Windows\System32\certprop.dll
17:25:24.0756 1908  CertPropSvc - ok
17:25:24.0756 1908  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:25:24.0803 1908  circlass - ok
17:25:24.0819 1908  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
17:25:24.0834 1908  CLFS - ok
17:25:24.0897 1908  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:25:24.0897 1908  clr_optimization_v2.0.50727_32 - ok
17:25:24.0928 1908  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:25:24.0943 1908  clr_optimization_v2.0.50727_64 - ok
17:25:24.0943 1908  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:25:24.0959 1908  cmdide - ok
17:25:24.0975 1908  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:25:24.0975 1908  Compbatt - ok
17:25:24.0975 1908  COMSysApp - ok
17:25:24.0990 1908  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
17:25:24.0990 1908  crcdisk - ok
17:25:25.0006 1908  [ 18918613E63F387CDE4D95CA7D49DCF7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:25:25.0053 1908  CryptSvc - ok
17:25:25.0084 1908  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:25:25.0131 1908  DcomLaunch - ok
17:25:25.0146 1908  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:25:25.0162 1908  DfsC - ok
17:25:25.0240 1908  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
17:25:25.0380 1908  DFSR - ok
17:25:25.0411 1908  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:25:25.0443 1908  Dhcp - ok
17:25:25.0458 1908  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
17:25:25.0474 1908  disk - ok
17:25:25.0489 1908  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:25:25.0505 1908  Dnscache - ok
17:25:25.0536 1908  [ 3AF44F260A3B04203E9F3F593E979F77 ] Dokan          C:\Windows\system32\drivers\dokan.sys
17:25:25.0552 1908  Dokan - ok
17:25:25.0583 1908  [ 7F5C325B16A5A237F2DF6932BF853621 ] DokanMounter    C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
17:25:25.0599 1908  DokanMounter ( UnsignedFile.Multi.Generic ) - warning
17:25:25.0599 1908  DokanMounter - detected UnsignedFile.Multi.Generic (1)
17:25:25.0614 1908  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc        C:\Windows\System32\dot3svc.dll
17:25:25.0630 1908  dot3svc - ok
17:25:25.0677 1908  [ 74C02B1717740C3B8039539E23E4B53F ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
17:25:25.0708 1908  Dot4 - ok
17:25:25.0723 1908  [ 08321D1860235BF42CF2854234337AEA ] Dot4Print      C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:25:25.0755 1908  Dot4Print - ok
17:25:25.0770 1908  [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
17:25:25.0801 1908  dot4usb - ok
17:25:25.0817 1908  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS            C:\Windows\system32\dps.dll
17:25:25.0848 1908  DPS - ok
17:25:25.0864 1908  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
17:25:25.0895 1908  drmkaud - ok
17:25:25.0942 1908  [ E828CDCA431D1F98D33501DFC390079A ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
17:25:25.0989 1908  DXGKrnl - ok
17:25:26.0004 1908  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60          C:\Windows\system32\DRIVERS\E1G6032E.sys
17:25:26.0051 1908  E1G60 - ok
17:25:26.0051 1908  EagleX64 - ok
17:25:26.0067 1908  [ C2303883FD9BE49DC36A6400643002EA ] EapHost        C:\Windows\System32\eapsvc.dll
17:25:26.0098 1908  EapHost - ok
17:25:26.0113 1908  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:25:26.0129 1908  Ecache - ok
17:25:26.0160 1908  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
17:25:26.0207 1908  ehRecvr - ok
17:25:26.0223 1908  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched        C:\Windows\ehome\ehsched.exe
17:25:26.0238 1908  ehSched - ok
17:25:26.0254 1908  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart        C:\Windows\ehome\ehstart.dll
17:25:26.0285 1908  ehstart - ok
17:25:26.0316 1908  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
17:25:26.0332 1908  elxstor - ok
17:25:26.0347 1908  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
17:25:26.0394 1908  EMDMgmt - ok
17:25:26.0410 1908  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:25:26.0441 1908  ErrDev - ok
17:25:26.0457 1908  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem    C:\Windows\system32\es.dll
17:25:26.0503 1908  EventSystem - ok
17:25:26.0519 1908  [ 486844F47B6636044A42454614ED4523 ] exfat          C:\Windows\system32\drivers\exfat.sys
17:25:26.0550 1908  exfat - ok
17:25:26.0566 1908  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
17:25:26.0597 1908  fastfat - ok
17:25:26.0613 1908  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
17:25:26.0644 1908  fdc - ok
17:25:26.0675 1908  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost        C:\Windows\system32\fdPHost.dll
17:25:26.0706 1908  fdPHost - ok
17:25:26.0706 1908  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
17:25:26.0769 1908  FDResPub - ok
17:25:26.0784 1908  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:25:26.0800 1908  FileInfo - ok
17:25:26.0815 1908  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
17:25:26.0847 1908  Filetrace - ok
17:25:26.0862 1908  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:25:26.0909 1908  flpydisk - ok
17:25:26.0925 1908  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:25:26.0940 1908  FltMgr - ok
17:25:26.0971 1908  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:25:26.0987 1908  FontCache3.0.0.0 - ok
17:25:27.0003 1908  [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:25:27.0034 1908  Fs_Rec - ok
17:25:27.0049 1908  [ 444534CBA693DD23C1CC589681E01656 ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
17:25:27.0096 1908  FWLANUSB - ok
17:25:27.0112 1908  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:25:27.0127 1908  gagp30kx - ok
17:25:27.0143 1908  [ F51FB25E1328FA14F446A8B24AC52709 ] gdrv            C:\Windows\gdrv.sys
17:25:27.0143 1908  gdrv - ok
17:25:27.0174 1908  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc          C:\Windows\System32\gpsvc.dll
17:25:27.0237 1908  gpsvc - ok
17:25:27.0315 1908  [ FD2A394CFDE457EA844EA9954C7A1974 ] gtstusbser_64  C:\Windows\system32\DRIVERS\gtstusbser_64.sys
17:25:27.0330 1908  gtstusbser_64 - ok
17:25:27.0377 1908  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:25:27.0393 1908  gupdate - ok
17:25:27.0408 1908  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:25:27.0424 1908  gupdatem - ok
17:25:27.0439 1908  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:25:27.0517 1908  HdAudAddService - ok
17:25:27.0533 1908  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:25:27.0595 1908  HDAudBus - ok
17:25:27.0611 1908  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:25:27.0673 1908  HidBth - ok
17:25:27.0705 1908  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr          C:\Windows\system32\drivers\hidir.sys
17:25:27.0767 1908  HidIr - ok
17:25:27.0814 1908  [ 59361D38A297755D46A540E450202B2A ] hidserv        C:\Windows\system32\hidserv.dll
17:25:27.0861 1908  hidserv - ok
17:25:27.0876 1908  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:25:27.0892 1908  HidUsb - ok
17:25:27.0907 1908  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:25:27.0954 1908  hkmsvc - ok
17:25:27.0954 1908  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
17:25:27.0970 1908  HpCISSs - ok
17:25:28.0017 1908  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:25:28.0032 1908  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:25:28.0032 1908  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:25:28.0048 1908  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:25:28.0063 1908  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
17:25:28.0063 1908  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
17:25:28.0079 1908  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:25:28.0141 1908  HTTP - ok
17:25:28.0157 1908  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
17:25:28.0173 1908  i2omp - ok
17:25:28.0188 1908  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:25:28.0204 1908  i8042prt - ok
17:25:28.0219 1908  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
17:25:28.0235 1908  iaStorV - ok
17:25:28.0313 1908  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:25:28.0329 1908  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:25:28.0329 1908  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:25:28.0375 1908  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:25:28.0407 1908  idsvc - ok
17:25:28.0422 1908  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
17:25:28.0438 1908  iirsp - ok
17:25:28.0453 1908  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
17:25:28.0500 1908  IKEEXT - ok
17:25:28.0625 1908  [ D7DC70EB652BD2FBA1E3CB6290A63452 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:25:28.0719 1908  IntcAzAudAddService - ok
17:25:28.0719 1908  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
17:25:28.0734 1908  intelide - ok
17:25:28.0750 1908  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:25:28.0797 1908  intelppm - ok
17:25:28.0812 1908  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
17:25:28.0843 1908  IPBusEnum - ok
17:25:28.0859 1908  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:25:28.0906 1908  IpFilterDriver - ok
17:25:28.0906 1908  IpInIp - ok
17:25:28.0906 1908  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
17:25:28.0953 1908  IPMIDRV - ok
17:25:28.0968 1908  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
17:25:28.0999 1908  IPNAT - ok
17:25:29.0015 1908  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:25:29.0062 1908  IRENUM - ok
17:25:29.0062 1908  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:25:29.0077 1908  isapnp - ok
17:25:29.0109 1908  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:25:29.0109 1908  iScsiPrt - ok
17:25:29.0124 1908  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:25:29.0140 1908  iteatapi - ok
17:25:29.0140 1908  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid        C:\Windows\system32\drivers\iteraid.sys
17:25:29.0155 1908  iteraid - ok
17:25:29.0155 1908  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:25:29.0171 1908  kbdclass - ok
17:25:29.0171 1908  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:25:29.0202 1908  kbdhid - ok
17:25:29.0233 1908  [ 40348DCEC0712ED42231C5F90A69A690 ] KeyIso          C:\Windows\system32\lsass.exe
17:25:29.0265 1908  KeyIso - ok
17:25:29.0280 1908  [ 476E2C1DCEA45895994BEF11C2A98715 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:25:29.0311 1908  KSecDD - ok
17:25:29.0311 1908  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
17:25:29.0343 1908  ksthunk - ok
17:25:29.0358 1908  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm          C:\Windows\system32\msdtckrm.dll
17:25:29.0421 1908  KtmRm - ok
17:25:29.0467 1908  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:25:29.0483 1908  LanmanServer - ok
17:25:29.0499 1908  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:25:29.0530 1908  LanmanWorkstation - ok
17:25:29.0577 1908  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
17:25:29.0577 1908  lirsgt - ok
17:25:29.0592 1908  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:25:29.0639 1908  lltdio - ok
17:25:29.0639 1908  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
17:25:29.0686 1908  lltdsvc - ok
17:25:29.0701 1908  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts        C:\Windows\System32\lmhsvc.dll
17:25:29.0748 1908  lmhosts - ok
17:25:29.0748 1908  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:25:29.0764 1908  LSI_FC - ok
17:25:29.0779 1908  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
17:25:29.0795 1908  LSI_SAS - ok
17:25:29.0811 1908  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:25:29.0811 1908  LSI_SCSI - ok
17:25:29.0826 1908  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv          C:\Windows\system32\drivers\luafv.sys
17:25:29.0873 1908  luafv - ok
17:25:29.0889 1908  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
17:25:29.0889 1908  Mcx2Svc - ok
17:25:29.0935 1908  [ 11F714F85530A2BD134074DC30E99FCA ] MDM            C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:25:29.0951 1908  MDM - ok
17:25:29.0951 1908  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas        C:\Windows\system32\drivers\megasas.sys
17:25:29.0967 1908  megasas - ok
17:25:29.0982 1908  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
17:25:30.0013 1908  MegaSR - ok
17:25:30.0013 1908  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS          C:\Windows\system32\mmcss.dll
17:25:30.0045 1908  MMCSS - ok
17:25:30.0060 1908  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem          C:\Windows\system32\drivers\modem.sys
17:25:30.0091 1908  Modem - ok
17:25:30.0107 1908  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
17:25:30.0138 1908  monitor - ok
17:25:30.0154 1908  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:25:30.0169 1908  mouclass - ok
17:25:30.0185 1908  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:25:30.0216 1908  mouhid - ok
17:25:30.0216 1908  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:25:30.0232 1908  MountMgr - ok
17:25:30.0263 1908  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:25:30.0263 1908  MozillaMaintenance - ok
17:25:30.0279 1908  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:25:30.0294 1908  mpio - ok
17:25:30.0294 1908  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:25:30.0325 1908  mpsdrv - ok
17:25:30.0357 1908  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:25:30.0357 1908  Mraid35x - ok
17:25:30.0388 1908  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:25:30.0403 1908  MRxDAV - ok
17:25:30.0419 1908  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:25:30.0450 1908  mrxsmb - ok
17:25:30.0466 1908  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:25:30.0481 1908  mrxsmb10 - ok
17:25:30.0481 1908  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:25:30.0497 1908  mrxsmb20 - ok
17:25:30.0497 1908  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
17:25:30.0513 1908  msahci - ok
17:25:30.0528 1908  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
17:25:30.0544 1908  msdsm - ok
17:25:30.0544 1908  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC          C:\Windows\System32\msdtc.exe
17:25:30.0591 1908  MSDTC - ok
17:25:30.0591 1908  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:25:30.0637 1908  Msfs - ok
17:25:30.0637 1908  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:25:30.0653 1908  msisadrv - ok
17:25:30.0669 1908  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
17:25:30.0715 1908  MSiSCSI - ok
17:25:30.0715 1908  msiserver - ok
17:25:30.0731 1908  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
17:25:30.0762 1908  MSKSSRV - ok
17:25:30.0793 1908  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:25:30.0825 1908  MSPCLOCK - ok
17:25:30.0840 1908  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
17:25:30.0871 1908  MSPQM - ok
17:25:30.0903 1908  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
17:25:30.0918 1908  MsRPC - ok
17:25:30.0934 1908  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:25:30.0949 1908  mssmbios - ok
17:25:30.0949 1908  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
17:25:30.0996 1908  MSTEE - ok
17:25:31.0012 1908  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup            C:\Windows\system32\Drivers\mup.sys
17:25:31.0027 1908  Mup - ok
17:25:31.0043 1908  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
17:25:31.0074 1908  napagent - ok
17:25:31.0090 1908  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
17:25:31.0105 1908  NativeWifiP - ok
17:25:31.0199 1908  [ 5836B9E91863A00EC1B8E785EFD86ECB ] NBService      C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
17:25:31.0230 1908  NBService - ok
17:25:31.0261 1908  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:25:31.0277 1908  NDIS - ok
17:25:31.0324 1908  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:25:31.0339 1908  NdisTapi - ok
17:25:31.0355 1908  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
17:25:31.0402 1908  Ndisuio - ok
17:25:31.0417 1908  [ F8158771905260982CE724076419EF19 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
17:25:31.0433 1908  NdisWan - ok
17:25:31.0449 1908  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
17:25:31.0464 1908  NDProxy - ok
17:25:31.0511 1908  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:25:31.0527 1908  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:25:31.0527 1908  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:25:31.0527 1908  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
17:25:31.0573 1908  NetBIOS - ok
17:25:31.0589 1908  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
17:25:31.0605 1908  netbt - ok
17:25:31.0620 1908  [ 40348DCEC0712ED42231C5F90A69A690 ] Netlogon        C:\Windows\system32\lsass.exe
17:25:31.0636 1908  Netlogon - ok
17:25:31.0651 1908  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
17:25:31.0698 1908  Netman - ok
17:25:31.0714 1908  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
17:25:31.0745 1908  netprofm - ok
17:25:31.0761 1908  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:25:31.0776 1908  NetTcpPortSharing - ok
17:25:31.0792 1908  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
17:25:31.0792 1908  nfrd960 - ok
17:25:31.0807 1908  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:25:31.0839 1908  NlaSvc - ok
17:25:31.0885 1908  [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
17:25:31.0885 1908  NMIndexingService - ok
17:25:31.0901 1908  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:25:31.0932 1908  Npfs - ok
17:25:31.0948 1908  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi            C:\Windows\system32\nsisvc.dll
17:25:31.0995 1908  nsi - ok
17:25:31.0995 1908  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:25:32.0026 1908  nsiproxy - ok
17:25:32.0057 1908  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:25:32.0135 1908  Ntfs - ok
17:25:32.0166 1908  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
17:25:32.0197 1908  Null - ok
17:25:33.0024 1908  [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:25:33.0477 1908  nvlddmkm - ok
17:25:33.0508 1908  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:25:33.0523 1908  nvraid - ok
17:25:33.0523 1908  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:25:33.0539 1908  nvstor - ok
17:25:33.0570 1908  [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc          C:\Windows\system32\nvvsvc.exe
17:25:33.0586 1908  nvsvc - ok
17:25:33.0648 1908  [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:25:33.0726 1908  nvUpdatusService - ok
17:25:33.0757 1908  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:25:33.0773 1908  nv_agp - ok
17:25:33.0789 1908  NwlnkFlt - ok
17:25:33.0789 1908  NwlnkFwd - ok
17:25:33.0804 1908  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:25:33.0835 1908  ohci1394 - ok
17:25:33.0851 1908  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:25:33.0867 1908  ose - ok
17:25:33.0898 1908  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
17:25:33.0960 1908  p2pimsvc - ok
17:25:33.0991 1908  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
17:25:34.0023 1908  p2psvc - ok
17:25:34.0023 1908  [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
17:25:34.0054 1908  Parport - ok
17:25:34.0085 1908  [ F9B5EDA4C17A2BE7663F064DBF0FE254 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
17:25:34.0101 1908  partmgr - ok
17:25:34.0116 1908  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:25:34.0147 1908  PcaSvc - ok
17:25:34.0163 1908  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci            C:\Windows\system32\drivers\pci.sys
17:25:34.0194 1908  pci - ok
17:25:34.0194 1908  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:25:34.0210 1908  pciide - ok
17:25:34.0225 1908  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:25:34.0241 1908  pcmcia - ok
17:25:34.0257 1908  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:25:34.0350 1908  PEAUTH - ok
17:25:34.0740 1908  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:25:34.0803 1908  PerfHost - ok
17:25:34.0943 1908  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla            C:\Windows\system32\pla.dll
17:25:35.0021 1908  pla - ok
17:25:35.0052 1908  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:25:35.0083 1908  PlugPlay - ok
17:25:35.0115 1908  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:25:35.0115 1908  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:25:35.0115 1908  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:25:35.0115 1908  PnkBstrA - ok
17:25:35.0146 1908  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
17:25:35.0177 1908  PNRPAutoReg - ok
17:25:35.0208 1908  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc        C:\Windows\system32\p2psvc.dll
17:25:35.0224 1908  PNRPsvc - ok
17:25:35.0302 1908  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
17:25:35.0395 1908  PolicyAgent - ok
17:25:35.0427 1908  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:25:35.0458 1908  PptpMiniport - ok
17:25:35.0473 1908  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor      C:\Windows\system32\drivers\processr.sys
17:25:35.0505 1908  Processor - ok
17:25:35.0536 1908  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc        C:\Windows\system32\profsvc.dll
17:25:35.0583 1908  ProfSvc - ok
17:25:35.0598 1908  [ 40348DCEC0712ED42231C5F90A69A690 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:25:35.0614 1908  ProtectedStorage - ok
17:25:35.0645 1908  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:25:35.0661 1908  PSched - ok
17:25:35.0692 1908  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:25:35.0754 1908  ql2300 - ok
17:25:35.0770 1908  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:25:35.0785 1908  ql40xx - ok
17:25:35.0817 1908  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE          C:\Windows\system32\qwave.dll
17:25:35.0832 1908  QWAVE - ok
17:25:35.0848 1908  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:25:35.0863 1908  QWAVEdrv - ok
17:25:35.0879 1908  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:25:35.0910 1908  RasAcd - ok
17:25:35.0926 1908  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto        C:\Windows\System32\rasauto.dll
17:25:35.0973 1908  RasAuto - ok
17:25:35.0988 1908  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
17:25:36.0019 1908  Rasl2tp - ok
17:25:36.0035 1908  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
17:25:36.0082 1908  RasMan - ok
17:25:36.0082 1908  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:25:36.0097 1908  RasPppoe - ok
17:25:36.0113 1908  [ C6A593B51F34C33E5474539544072527 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
17:25:36.0113 1908  RasSstp - ok
17:25:36.0144 1908  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
17:25:36.0175 1908  rdbss - ok
17:25:36.0175 1908  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:25:36.0207 1908  RDPCDD - ok
17:25:36.0222 1908  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
17:25:36.0269 1908  rdpdr - ok
17:25:36.0269 1908  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:25:36.0300 1908  RDPENCDD - ok
17:25:36.0331 1908  [ B1D741C87CEA8D7282146366CC9C3F81 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
17:25:36.0347 1908  RDPWD - ok
17:25:36.0363 1908  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:25:36.0394 1908  RemoteAccess - ok
17:25:36.0409 1908  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:25:36.0425 1908  RemoteRegistry - ok
17:25:36.0472 1908  [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo      C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
17:25:36.0472 1908  RichVideo - ok
17:25:36.0487 1908  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
17:25:36.0519 1908  RpcLocator - ok
17:25:36.0534 1908  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs          C:\Windows\system32\rpcss.dll
17:25:36.0565 1908  RpcSs - ok
17:25:36.0597 1908  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:25:36.0643 1908  rspndr - ok
17:25:36.0643 1908  [ F389399FD2204C94C4DA16A00AAB68F2 ] RTL8023x64      C:\Windows\system32\DRIVERS\Rtnic64.sys
17:25:36.0706 1908  RTL8023x64 - ok
17:25:36.0737 1908  [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169        C:\Windows\system32\DRIVERS\Rtlh64.sys
17:25:36.0768 1908  RTL8169 - ok
17:25:36.0768 1908  RTL8192su - ok
17:25:36.0799 1908  [ D1664991A07ACF2703D4A4E5BE4B6C80 ] RtlProt        C:\Windows\system32\DRIVERS\rtlprot.sys
17:25:36.0799 1908  RtlProt - ok
17:25:36.0815 1908  [ 40348DCEC0712ED42231C5F90A69A690 ] SamSs          C:\Windows\system32\lsass.exe
17:25:36.0815 1908  SamSs - ok
17:25:36.0831 1908  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:25:36.0831 1908  sbp2port - ok
17:25:36.0955 1908  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  E:\Programme\Spybot - Search & Destroy\SDWinSec.exe
17:25:37.0018 1908  SBSDWSCService - ok
17:25:37.0065 1908  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:25:37.0127 1908  SCardSvr - ok
17:25:37.0174 1908  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
17:25:37.0221 1908  Schedule - ok
17:25:37.0252 1908  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc    C:\Windows\System32\certprop.dll
17:25:37.0267 1908  SCPolicySvc - ok
17:25:37.0314 1908  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:25:37.0330 1908  SDRSVC - ok
17:25:37.0345 1908  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:25:37.0408 1908  secdrv - ok
17:25:37.0423 1908  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
17:25:37.0455 1908  seclogon - ok
17:25:37.0455 1908  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
17:25:37.0501 1908  SENS - ok
17:25:37.0517 1908  [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
17:25:37.0564 1908  Serenum - ok
17:25:37.0564 1908  [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:25:37.0611 1908  Serial - ok
17:25:37.0626 1908  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:25:37.0657 1908  sermouse - ok
17:25:37.0657 1908  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:25:37.0689 1908  SessionEnv - ok
17:25:37.0720 1908  [ 4FCACE92BB0345D58BB96ADBD69F5237 ] sfdrv01        C:\Windows\system32\drivers\sfdrv01.sys
17:25:37.0735 1908  sfdrv01 - ok
17:25:37.0735 1908  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
17:25:37.0767 1908  sffdisk - ok
17:25:37.0782 1908  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:25:37.0813 1908  sffp_mmc - ok
17:25:37.0829 1908  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
17:25:37.0860 1908  sffp_sd - ok
17:25:37.0876 1908  [ 17F6BD95BF04B924F4C05CE78BEF8AE6 ] sfhlp02        C:\Windows\system32\drivers\sfhlp02.sys
17:25:37.0891 1908  sfhlp02 - ok
17:25:37.0907 1908  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
17:25:37.0954 1908  sfloppy - ok
17:25:37.0954 1908  [ DC8059641CFCDD222175542439C6B601 ] sfsync03        C:\Windows\system32\drivers\sfsync03.sys
17:25:37.0969 1908  sfsync03 - ok
17:25:37.0985 1908  [ F3B72568A6FA36E5D63D30B8186D1C48 ] sfvfs02        C:\Windows\system32\drivers\sfvfs02.sys
17:25:38.0001 1908  sfvfs02 - ok
17:25:38.0032 1908  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:25:38.0063 1908  ShellHWDetection - ok
17:25:38.0079 1908  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
17:25:38.0094 1908  SiSRaid2 - ok
17:25:38.0110 1908  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:25:38.0110 1908  SiSRaid4 - ok
17:25:38.0157 1908  [ C70AEBD3608ED9FCEA2A1BAE83567FFC ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
17:25:38.0172 1908  SkypeUpdate - ok
17:25:38.0219 1908  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc          C:\Windows\system32\SLsvc.exe
17:25:38.0359 1908  slsvc - ok
17:25:38.0359 1908  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
17:25:38.0391 1908  SLUINotify - ok
17:25:38.0406 1908  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
17:25:38.0437 1908  Smb - ok
17:25:38.0437 1908  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:25:38.0469 1908  SNMPTRAP - ok
17:25:38.0469 1908  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr          C:\Windows\system32\drivers\spldr.sys
17:25:38.0484 1908  spldr - ok
17:25:38.0515 1908  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler        C:\Windows\System32\spoolsv.exe
17:25:38.0531 1908  Spooler - ok
17:25:38.0562 1908  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
17:25:38.0562 1908  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
17:25:38.0562 1908  sptd ( LockedFile.Multi.Generic ) - warning
17:25:38.0562 1908  sptd - detected LockedFile.Multi.Generic (1)
17:25:38.0578 1908  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv            C:\Windows\system32\DRIVERS\srv.sys
17:25:38.0609 1908  srv - ok
17:25:38.0625 1908  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:25:38.0640 1908  srv2 - ok
17:25:38.0656 1908  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:25:38.0671 1908  srvnet - ok
17:25:38.0687 1908  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
17:25:38.0734 1908  SSDPSRV - ok
17:25:38.0749 1908  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc        C:\Windows\system32\sstpsvc.dll
17:25:38.0749 1908  SstpSvc - ok
17:25:38.0765 1908  Steam Client Service - ok
17:25:38.0827 1908  [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:25:38.0874 1908  Stereo Service - ok
17:25:38.0905 1908  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
17:25:38.0937 1908  stisvc - ok
17:25:38.0952 1908  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:25:38.0968 1908  swenum - ok
17:25:38.0983 1908  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv          C:\Windows\System32\swprv.dll
17:25:39.0030 1908  swprv - ok
17:25:39.0046 1908  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
17:25:39.0061 1908  Symc8xx - ok
17:25:39.0061 1908  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
17:25:39.0077 1908  Sym_hi - ok
17:25:39.0093 1908  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
17:25:39.0108 1908  Sym_u3 - ok
17:25:39.0124 1908  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain        C:\Windows\system32\sysmain.dll
17:25:39.0202 1908  SysMain - ok
17:25:39.0217 1908  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:25:39.0249 1908  TabletInputService - ok
17:25:39.0280 1908  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv        C:\Windows\System32\tapisrv.dll
17:25:39.0311 1908  TapiSrv - ok
17:25:39.0311 1908  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS            C:\Windows\System32\tbssvc.dll
17:25:39.0358 1908  TBS - ok
17:25:39.0389 1908  [ E52F99B1160A1A1DE83223379D2C1828 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
17:25:39.0467 1908  Tcpip - ok
17:25:39.0514 1908  [ E52F99B1160A1A1DE83223379D2C1828 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
17:25:39.0561 1908  Tcpip6 - ok
17:25:39.0576 1908  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:25:39.0607 1908  tcpipreg - ok
17:25:39.0623 1908  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:25:39.0654 1908  TDPIPE - ok
17:25:39.0670 1908  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
17:25:39.0732 1908  TDTCP - ok
17:25:39.0732 1908  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
17:25:39.0763 1908  tdx - ok
17:25:39.0779 1908  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:25:39.0795 1908  TermDD - ok
17:25:39.0826 1908  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService    C:\Windows\System32\termsrv.dll
17:25:39.0857 1908  TermService - ok
17:25:39.0888 1908  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
17:25:39.0904 1908  Themes - ok
17:25:39.0904 1908  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER    C:\Windows\system32\mmcss.dll
17:25:39.0935 1908  THREADORDER - ok
17:25:39.0966 1908  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
17:25:40.0029 1908  TrkWks - ok
17:25:40.0060 1908  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:25:40.0091 1908  TrustedInstaller - ok
17:25:40.0107 1908  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:25:40.0153 1908  tssecsrv - ok
17:25:40.0231 1908  [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
17:25:40.0325 1908  TuneUp.UtilitiesSvc - ok
17:25:40.0356 1908  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
17:25:40.0356 1908  TuneUpUtilitiesDrv - ok
17:25:40.0372 1908  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
17:25:40.0403 1908  tunmp - ok
17:25:40.0419 1908  [ F6A4FBA7C03AC2EFD00F3301C0C1E067 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:25:40.0434 1908  tunnel - ok
17:25:40.0450 1908  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:25:40.0465 1908  uagp35 - ok
17:25:40.0465 1908  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:25:40.0512 1908  udfs - ok
17:25:40.0528 1908  [ 060507C4113391394478F6953A79EEDC ] UI0Detect      C:\Windows\system32\UI0Detect.exe
17:25:40.0559 1908  UI0Detect - ok
17:25:40.0575 1908  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:25:40.0575 1908  uliagpkx - ok
17:25:40.0606 1908  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci        C:\Windows\system32\drivers\uliahci.sys
17:25:40.0621 1908  uliahci - ok
17:25:40.0637 1908  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
17:25:40.0653 1908  UlSata - ok
17:25:40.0668 1908  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
17:25:40.0684 1908  ulsata2 - ok
17:25:40.0699 1908  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
17:25:40.0746 1908  umbus - ok
17:25:40.0762 1908  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
17:25:40.0809 1908  upnphost - ok
17:25:40.0824 1908  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
17:25:40.0855 1908  usbccgp - ok
17:25:40.0871 1908  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:25:40.0933 1908  usbcir - ok
17:25:40.0965 1908  [ 827E44DE934A736EA31E91D353EB126F ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
17:25:40.0996 1908  usbehci - ok
17:25:41.0027 1908  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:25:41.0058 1908  usbhub - ok
17:25:41.0074 1908  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
17:25:41.0136 1908  usbohci - ok
17:25:41.0152 1908  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:25:41.0183 1908  usbprint - ok
17:25:41.0199 1908  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:25:41.0230 1908  USBSTOR - ok
17:25:41.0245 1908  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
17:25:41.0277 1908  usbuhci - ok
17:25:41.0292 1908  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms          C:\Windows\System32\uxsms.dll
17:25:41.0323 1908  UxSms - ok
17:25:41.0355 1908  [ 5BF180F7F7C2F68ED6D5777840270BCE ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
17:25:41.0355 1908  UxTuneUp - ok
17:25:41.0386 1908  [ 294945381DFA7CE58CECF0A9896AF327 ] vds            C:\Windows\System32\vds.exe
17:25:41.0417 1908  vds - ok
17:25:41.0433 1908  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
17:25:41.0479 1908  vga - ok
17:25:41.0479 1908  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave        C:\Windows\System32\drivers\vga.sys
17:25:41.0511 1908  VgaSave - ok
17:25:41.0526 1908  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
17:25:41.0542 1908  viaide - ok
17:25:41.0542 1908  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:25:41.0557 1908  volmgr - ok
17:25:41.0589 1908  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
17:25:41.0604 1908  volmgrx - ok
17:25:41.0620 1908  [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap        C:\Windows\system32\drivers\volsnap.sys
17:25:41.0651 1908  volsnap - ok
17:25:41.0667 1908  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
17:25:41.0682 1908  vsmraid - ok
17:25:41.0713 1908  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS            C:\Windows\system32\vssvc.exe
17:25:41.0807 1908  VSS - ok
17:25:41.0838 1908  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time        C:\Windows\system32\w32time.dll
17:25:41.0869 1908  W32Time - ok
17:25:41.0885 1908  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:25:41.0932 1908  WacomPen - ok
17:25:41.0947 1908  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
17:25:41.0979 1908  Wanarp - ok
17:25:41.0979 1908  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:25:42.0010 1908  Wanarpv6 - ok
17:25:42.0025 1908  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
17:25:42.0057 1908  wcncsvc - ok
17:25:42.0088 1908  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:25:42.0103 1908  WcsPlugInService - ok
17:25:42.0150 1908  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
17:25:42.0166 1908  Wd - ok
17:25:42.0181 1908  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:25:42.0228 1908  Wdf01000 - ok
17:25:42.0244 1908  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:25:42.0291 1908  WdiServiceHost - ok
17:25:42.0291 1908  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost  C:\Windows\system32\wdi.dll
17:25:42.0337 1908  WdiSystemHost - ok
17:25:42.0369 1908  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient      C:\Windows\System32\webclnt.dll
17:25:42.0369 1908  WebClient - ok
17:25:42.0400 1908  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:25:42.0415 1908  Wecsvc - ok
17:25:42.0431 1908  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
17:25:42.0462 1908  wercplsupport - ok
17:25:42.0478 1908  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
17:25:42.0509 1908  WerSvc - ok
17:25:42.0509 1908  WinHttpAutoProxySvc - ok
17:25:42.0540 1908  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
17:25:42.0556 1908  Winmgmt - ok
17:25:42.0618 1908  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM          C:\Windows\system32\WsmSvc.dll
17:25:42.0696 1908  WinRM - ok
17:25:42.0727 1908  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc        C:\Windows\System32\wlansvc.dll
17:25:42.0759 1908  Wlansvc - ok
17:25:42.0961 1908  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:25:43.0055 1908  wlidsvc - ok
17:25:43.0086 1908  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
17:25:43.0117 1908  WmiAcpi - ok
17:25:43.0133 1908  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:25:43.0195 1908  wmiApSrv - ok
17:25:43.0211 1908  WMPNetworkSvc - ok
17:25:43.0227 1908  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:25:43.0258 1908  WPCSvc - ok
17:25:43.0273 1908  [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:25:43.0305 1908  WPDBusEnum - ok
17:25:43.0320 1908  [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
17:25:43.0351 1908  WpdUsb - ok
17:25:43.0367 1908  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
17:25:43.0398 1908  ws2ifsl - ok
17:25:43.0398 1908  WSearch - ok
17:25:43.0429 1908  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:25:43.0461 1908  WUDFRd - ok
17:25:43.0507 1908  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
17:25:43.0554 1908  wudfsvc - ok
17:25:43.0570 1908  ================ Scan global ===============================
17:25:43.0601 1908  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
17:25:43.0632 1908  [ E5E5E593D4850B0AA24CF58B552147F3 ] C:\Windows\system32\winsrv.dll
17:25:43.0648 1908  [ E5E5E593D4850B0AA24CF58B552147F3 ] C:\Windows\system32\winsrv.dll
17:25:43.0663 1908  [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
17:25:43.0663 1908  [Global] - ok
17:25:43.0663 1908  ================ Scan MBR ==================================
17:25:43.0679 1908  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:25:45.0738 1908  \Device\Harddisk0\DR0 - ok
17:25:45.0738 1908  ================ Scan VBR ==================================
17:25:45.0769 1908  [ 3004AA185B84445C0475D4541F5DE4E5 ] \Device\Harddisk0\DR0\Partition1
17:25:45.0785 1908  \Device\Harddisk0\DR0\Partition1 - ok
17:25:45.0816 1908  [ A7822D5BBD75C5BB925724C583874B1B ] \Device\Harddisk0\DR0\Partition2
17:25:45.0832 1908  \Device\Harddisk0\DR0\Partition2 - ok
17:25:45.0847 1908  [ 40E5D39202C540B4065DCB15132AB7D0 ] \Device\Harddisk0\DR0\Partition3
17:25:45.0863 1908  \Device\Harddisk0\DR0\Partition3 - ok
17:25:45.0863 1908  ============================================================
17:25:45.0863 1908  Scan finished
17:25:45.0863 1908  ============================================================
17:25:45.0863 3360  Detected object count: 8
17:25:45.0863 3360  Actual detected object count: 8
17:26:03.0132 3360  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:03.0148 3360  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:03.0148 3360  DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:03.0148 3360  DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:03.0148 3360  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:03.0148 3360  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:03.0148 3360  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:03.0148 3360  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:03.0148 3360  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:03.0148 3360  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:03.0148 3360  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:03.0148 3360  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:03.0148 3360  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:03.0148 3360  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:26:03.0148 3360  sptd ( LockedFile.Multi.Generic ) - skipped by user
17:26:03.0148 3360  sptd ( LockedFile.Multi.Generic ) - User select action: Skip


cosinus 14.09.2012 22:05

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Granade 15.09.2012 16:48

Hi Cosinus,

I have one more question. Until now I had always assumed that when I switch off the real-time scanner in Antivir, Antivir is deactivated for the scan runs.
But Combofix reports that Antivir is still running afterwards and is detected.

So how do I deactivate it "properly" for the scan? I didn't find anything for that in the options!

Regards

cosinus 16.09.2012 15:47

If the umbrella is closed, that is enough.
AntiVir does not always report a deactivation of the scanner cleanly to the Windows Security Center. And CF goes by that status.

Granade 03.10.2012 15:18

Sorry Cosinus, I was on holiday, so I'm only replying now.

That is exactly the problem: I can't get the "umbrella" closed, I simply can't find the "Deactivate" option. But I'm probably just blind....

Unfortunately there is another problem on top of that: tuneup tells me that my firewall is switched off. If I now go via Control Panel --> Security --> Turn Windows Firewall on/off, the computer reports "Aufgrund eines unbekannten Fehlers können die Einstellungen der Windows Firewall nicht angezeigt werden."

What could be causing this?

Regards, and have a nice holiday!

cosinus 03.10.2012 19:35

Then just uninstall Avira.
Once we are finished there will be a replacement for it.

