Trojaner-Board


puntaara 28.08.2012 08:37

PUP.VShareRedir found, computer may be sending spam e-mails

Hello,
after having already written here twice about my girlfriend's computer, it has now hit me for the first time as well... :headbang:

The day before yesterday I received a birthday e-mail from an acquaintance; shortly afterwards he received a spam mail in which his real name appears, spelled exactly the way he used it in the e-mail. So the suspicion is that the mail was sent from my computer. (I have a web.de account, but the mails are "fetched" with Windows Mail.) Apart from that, over the last two days I have noticed that the computer sometimes freezes briefly on pages with Flash. Otherwise no problems.

I ran a full scan with Malwarebytes (see below), and also ran Defogger and performed an OTL scan.

It would be very kind if someone could take a look at the logs.

Malwarebytes log:
Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.28.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ******-PC [Administrator]

Schutz: Deaktiviert

28.08.2012 11:05:47
mbam-log-2012-08-28 (11-05-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 430855
Laufzeit: 3 Stunde(n), 32 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\CPUCooL\instser.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\SoftonicDownloader_fuer_pdfcreator.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\SoftonicDownloader_fuer_spss.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL.txt:
Code:

OTL logfile created on: 28.08.2012 15:53:24 - Run 1
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,97% Memory free
4,00 Gb Paging File | 2,94 Gb Available in Paging File | 73,48% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 10,94 Gb Free Space | 12,39% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 1,12 Gb Free Space | 1,28% Space Free | Partition Type: NTFS
 
Computer Name: ******-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.28 15:52:54 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.16 12:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012.05.15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.12.02 02:11:48 | 000,743,936 | ---- | M] () -- C:\Program Files\CPUCooL\CooLSRV.exe
PRC - [2011.07.09 06:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011.06.24 14:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.04 12:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\ShellfireVPN\jre6\bin\java.exe
PRC - [2011.02.25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.07 04:34:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009.01.27 00:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.03 14:33:50 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\SamSung\MagicKBD\MagicKBD.exe
PRC - [2008.01.03 02:40:14 | 000,348,160 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
PRC - [2007.12.28 19:44:10 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007.10.17 16:28:08 | 000,692,224 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006.09.19 09:52:46 | 000,028,672 | ---- | M] () -- C:\Program Files\SamSung\Easy Display Manager\WinMove.dll
MOD - [2006.08.12 21:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SamSung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SamSung\Easy Display Manager\HookDllPS2.dll
MOD - [2005.07.12 16:34:22 | 000,045,056 | ---- | M] () -- C:\Program Files\SamSung\MagicKBD\EasyBoxDll.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.19 14:38:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.16 12:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011.12.02 02:11:48 | 000,743,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CPUCooL\CooLSRV.exe -- (CPUCooLServer)
SRV - [2011.09.01 11:13:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.09 06:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.05.04 12:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\ShellfireVPN\jre6\bin\java.exe -- (ShellfireVPN2Service)
SRV - [2010.11.07 04:34:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.07.14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.29 03:54:42 | 000,073,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SamSung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM)
DRV - [2012.08.22 12:05:07 | 000,386,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120825.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.21 11:39:34 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120827.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.08.21 11:39:34 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120827.016\NAVENG.SYS -- (NAVENG)
DRV - [2012.08.11 10:25:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120823.005\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.09 15:54:24 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.09 15:54:23 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.07.06 12:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 12:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.07 14:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 11:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys -- (SymEFA)
DRV - [2012.05.15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.18 12:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symnets.sys -- (SymNetS)
DRV - [2012.04.18 11:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys -- (SymIRON)
DRV - [2012.03.27 10:32:31 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.08.19 00:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011.07.26 04:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys -- (SymDS)
DRV - [2011.07.01 19:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011.05.18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.05.18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.05.18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.05.18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.12 05:19:24 | 000,021,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp)
DRV - [2010.11.07 04:36:22 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2010.11.07 04:36:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2010.11.07 04:36:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2010.11.07 04:34:12 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010.11.07 04:01:27 | 000,243,840 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2009.12.09 23:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009.09.28 18:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 10:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 10:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 08:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.23 05:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.23 04:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.23 04:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.03.02 22:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009.03.02 22:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.05 03:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disksec.sys -- (DiskSec)
DRV - [2007.09.26 22:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2006.11.14 18:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2000.08.24 10:19:38 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\MEMIO.SYS -- (DOSMEMIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{12458CC8-5583-49A9-8F64-0951EB59D6C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF CA C6 BA 62 DC CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{12458CC8-5583-49A9-8F64-0951EB59D6C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{822D8992-2E48-49BA-B3E2-E2946D8B5C98}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.01 08:43:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.08.28 15:33:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 14:38:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 00:02:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.09.25 16:44:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 14:38:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 00:02:20 | 000,000,000 | ---D | M]
 
[2011.07.17 18:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.08.10 23:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions
[2012.04.01 07:41:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.23 14:47:26 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions\foxyproxy@eric.h.jung
[2012.07.10 10:48:26 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\11-suche.xml
[2012.07.10 10:48:26 | 000,002,209 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\englische-ergebnisse.xml
[2012.07.10 10:48:26 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\gmx-suche.xml
[2012.07.10 10:48:26 | 000,002,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\lastminute.xml
[2011.07.12 04:04:02 | 000,000,633 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\startsear.xml
[2011.09.10 21:13:30 | 000,001,565 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\web-search.xml
[2012.07.10 10:48:26 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\webde-suche.xml
[2012.06.11 20:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.08.24 20:49:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.01 08:43:34 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012.07.19 14:38:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.31 20:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012.06.25 13:24:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 13:24:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.25 13:24:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 13:24:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 13:24:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 13:24:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.25 16:25:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\SamSung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C68E53-34CD-4CC3-B251-22352C5969F1}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3865F505-6934-4437-ADDE-F80EE878262E}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{444AB6EB-4802-4F64-9945-107C1C941A0C}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8AC0218-C72D-4B60-9739-E8B62587AD30}: DhcpNameServer = 213.133.98.98 213.133.100.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.28 15:52:53 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.28 11:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.28 11:04:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.28 11:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.26 11:11:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fotos marlies
[2012.08.25 16:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShellfireVPN
[2012.08.24 10:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.08.24 10:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.08.23 10:18:38 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.08.23 10:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.08.22 19:40:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\eeepc
[2012.08.22 16:21:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fotos heiner
[2012.08.16 02:51:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\e-academy Inc
[2012.08.16 02:51:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012.08.13 01:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.13 01:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.12 19:56:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Software EEE PC
[2012.08.12 18:29:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\2012_08_12 Auslagerung USB-Stick
[2012.08.09 22:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.08.09 22:02:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.08.09 22:02:53 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.28 15:52:54 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.28 15:45:46 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.28 15:44:44 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.28 15:39:15 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 15:39:15 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.28 15:31:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.28 15:31:31 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.28 11:04:05 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.26 21:16:49 | 000,196,922 | ---- | M] () -- C:\Users\***\Desktop\Handyrechnung.pdf
[2012.08.25 16:29:02 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\ShellfireVPN.lnk
[2012.08.25 15:20:33 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.25 15:20:33 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.25 15:20:33 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.25 15:20:33 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.25 08:25:32 | 000,315,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.24 01:44:43 | 000,000,493 | ---- | M] () -- C:\Users\***\Desktop\Energieoptionen - Verknüpfung.lnk
[2012.08.23 10:20:39 | 001,514,572 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\Cat.DB
[2012.08.18 20:58:16 | 000,074,325 | ---- | M] () -- C:\Users\***\Desktop\mhtml_{6BC759DB-AAAD-4564-9B77-71BD4CBBAEE8}mid___00000002_.pdf
[2012.08.17 17:41:46 | 000,103,635 | ---- | M] () -- C:\Users\***\Desktop\antrag_de_fz_pdf.pdf
[2012.08.17 17:40:16 | 000,103,635 | ---- | M] () -- C:\Users\***\Desktop\antrag_de_fz_ausgefuellt.pdf
[2012.08.16 05:06:51 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\VT20120731.038
[2012.08.16 02:51:56 | 000,003,153 | ---- | M] () -- C:\Users\***\Desktop\Secure Download Manager.lnk
[2012.08.15 23:55:59 | 000,002,383 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.08.10 15:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\isolate.ini
[2012.08.09 22:02:58 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.09 22:02:58 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.28 15:45:46 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.28 15:44:43 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.28 11:04:05 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.26 21:16:49 | 000,196,922 | ---- | C] () -- C:\Users\***\Desktop\Handyrechnung.pdf
[2012.08.24 01:44:43 | 000,000,493 | ---- | C] () -- C:\Users\***\Desktop\Energieoptionen - Verknüpfung.lnk
[2012.08.23 09:39:00 | 000,011,190 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012.08.18 20:58:12 | 000,074,325 | ---- | C] () -- C:\Users\***\Desktop\mhtml_{6BC759DB-AAAD-4564-9B77-71BD4CBBAEE8}mid___00000002_.pdf
[2012.08.17 17:41:44 | 000,103,635 | ---- | C] () -- C:\Users\***\Desktop\antrag_de_fz_pdf.pdf
[2012.08.17 17:40:12 | 000,103,635 | ---- | C] () -- C:\Users\***\Desktop\antrag_de_fz_ausgefuellt.pdf
[2012.08.16 02:51:56 | 000,003,153 | ---- | C] () -- C:\Users\***\Desktop\Secure Download Manager.lnk
[2012.08.09 22:02:58 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.09 22:02:58 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.05.23 17:01:03 | 813,785,088 | ---- | C] () -- C:\Users\***\Polizeiruf_110-Bullenklatschen-format282349.f4v.flv
[2012.05.02 12:15:05 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2012.05.02 12:15:05 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2012.05.02 12:09:19 | 000,003,425 | ---- | C] () -- C:\Windows\System32\KBDR.INI
[2012.05.02 12:09:19 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDO.INI
[2012.05.02 12:09:19 | 000,002,236 | ---- | C] () -- C:\Windows\System32\KBDQ.INI
[2012.05.02 12:09:19 | 000,001,885 | ---- | C] () -- C:\Windows\System32\KBDP.INI
[2012.05.02 12:09:19 | 000,001,857 | ---- | C] () -- C:\Windows\System32\KBDUU.INI
[2012.05.02 12:09:19 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDA.INI
[2012.05.02 12:09:19 | 000,001,834 | ---- | C] () -- C:\Windows\System32\KBDU.INI
[2012.05.02 12:09:19 | 000,001,819 | ---- | C] () -- C:\Windows\System32\KBDN.INI
[2012.05.02 12:09:19 | 000,001,699 | ---- | C] () -- C:\Windows\System32\KBDT.INI
[2012.05.02 12:09:19 | 000,001,697 | ---- | C] () -- C:\Windows\System32\KBDV.INI
[2012.05.02 12:09:19 | 000,001,522 | ---- | C] () -- C:\Windows\System32\KBDS.INI
[2012.05.02 12:09:19 | 000,001,476 | ---- | C] () -- C:\Windows\System32\KBDF.INI
[2012.05.02 12:09:18 | 000,002,741 | ---- | C] () -- C:\Windows\System32\KBDD.INI
[2012.05.02 12:09:18 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDC.INI
[2012.05.02 12:09:18 | 000,002,606 | ---- | C] () -- C:\Windows\System32\KBDB.INI
[2012.05.02 12:09:18 | 000,001,956 | ---- | C] () -- C:\Windows\System32\KBDE.INI
[2012.05.02 12:09:18 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDG.INI
[2012.02.28 14:54:34 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.11.27 15:27:56 | 000,000,839 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.07.17 18:05:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.15 08:38:09 | 000,022,723 | ---- | C] () -- C:\Windows\System32\SSGR3l3.dll
[2011.07.02 01:53:55 | 000,008,192 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.26 09:34:31 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.06.26 07:38:07 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.06.25 01:23:52 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.07 10:45:11 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2011.06.07 10:45:11 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2011.03.14 09:37:35 | 000,001,520 | ---- | C] () -- C:\Windows\System32\MagicKBD.INI
[2011.03.14 09:36:15 | 000,004,300 | ---- | C] () -- C:\Windows\System32\MEMIO.SYS
[2011.03.11 03:46:04 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011.03.11 03:46:04 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.02.24 19:27:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.05 23:02:38 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.01.17 08:54:14 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.12.29 09:57:54 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.12.20 07:46:48 | 000,043,653 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.12.20 07:46:30 | 000,043,653 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.12.03 06:45:07 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.11.29 22:59:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.12 05:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.11.06 09:45:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2011.06.28 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.03.18 19:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.02.24 08:21:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.11.24 16:46:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.13 10:53:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2012.08.16 02:51:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2011.10.09 21:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.02.06 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.12.07 23:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX
[2011.11.27 15:27:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.07.11 08:02:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.11.06 10:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.22 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2011.09.19 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2011.10.19 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingenio
[2010.12.29 09:59:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.09.25 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.09.25 16:55:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2011.09.25 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.08.09 22:03:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.10.27 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.04.27 22:02:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ShellfireVPN
[2011.09.28 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2011.10.27 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2012.08.24 08:48:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt:
Code:

OTL Extras logfile created on: 28.08.2012 15:53:24 - Run 1
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,97% Memory free
4,00 Gb Paging File | 2,94 Gb Available in Paging File | 73,48% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 10,94 Gb Free Space | 12,39% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 1,12 Gb Free Space | 1,28% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A7C7F16-E5A0-4BAC-9A7D-758138BE71A4}" = lport=137 | protocol=17 | dir=in | app=system |
"{0ABDA680-A496-476B-9DAD-68DA5D42CDC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13FD707A-1264-482D-BC08-D8D2C2E04C6A}" = rport=137 | protocol=17 | dir=out | app=system |
"{1495B7F0-E205-402F-96D5-D02F0FC0F583}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17FD2C91-8AE7-4F78-BCBB-17FE58F299DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1971336E-6119-4A34-8ADC-144DC95D3A04}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A75B7C3-69F7-4958-9191-CA7B3605CD87}" = rport=138 | protocol=17 | dir=out | app=system |
"{1BF2F9CD-8347-490C-A656-6AE29D835EBF}" = lport=445 | protocol=6 | dir=in | app=system |
"{238D8748-7706-4DAF-B98E-F78F181956B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23B77F0A-CA90-4BE7-87E0-8C977A3DE9CC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2C9C4584-D2E9-4F22-8FD9-E81A772DED32}" = rport=139 | protocol=6 | dir=out | app=system |
"{34C9532F-C5C8-4CD2-874F-2B5598CB2BB8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{40DE7555-1EEC-4BD2-B421-B8F1AFF7E4C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44AAD4F5-5E19-4DFF-8228-00427B1C880E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{46F38758-1C73-475A-9CB7-A3351DC5BCB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{680ADCFC-4B48-4303-8361-E1DBC8AF5548}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70F11505-594E-427F-BC1B-C4B44A26085B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98361A0A-46A2-4217-99D4-52A2EBB61DD6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B9D12506-D6B3-4C8C-B06A-5CC817AFA3B5}" = lport=139 | protocol=6 | dir=in | app=system |
"{C1A7783F-5264-4C31-B898-D5F4C9C51463}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C4BB5C4E-9291-4714-9D6E-BCF802997AF3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7749988-5F85-45B2-89BF-2D57589A3E64}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DD0C717F-3555-49FA-9A43-E10E562489EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{F337BF2F-6152-4D65-925A-56C5B1773268}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F9785B87-FEDF-4AE1-ADED-31977E3B12E9}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD430C1-84C3-4540-B729-6A55C94D1AA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{136541BD-0626-481B-9C1E-051F5036C72A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1ED1BE54-A659-401F-A623-5C3A2FFC4795}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{290CDE27-23C3-4AB2-A8D5-4E17193CD7AE}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2E9DE4AE-595E-4FCF-8F93-F0134A18982F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{369442B1-4B4A-424B-9FA5-2A76B579E504}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{369F4475-6658-416D-BA44-858902E26715}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{37E45C19-46ED-4DED-9B23-FD236EE608E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47DECB10-B6F5-4035-B1AD-6ECE59B0ACEC}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4E0F2925-2258-418E-A0D3-05FB221164D5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{52E81BC0-1CC9-4038-8DC2-261889137424}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{579B66DB-02E2-48E6-A47B-2A75797BD4A5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5F2F3B75-B8CC-4ED5-96AE-561F035F919B}" = protocol=6 | dir=out | app=system |
"{5F8EB2B8-A114-48C3-BBF1-BD8F9FBDD9E5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{62E19E75-B86B-45CE-9DFE-AE12217CC77F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{635D9415-9E9A-4925-A5BD-08AB739B2928}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{679ABACE-76F3-42F7-93DF-83FCA14038B4}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{682A6EEC-966A-494A-ADCD-E9DD820F51C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B14605E-F858-43E5-BE59-82630C8283F3}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{7CB3D0FE-C5A2-4E8F-B549-A544104226AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E866AE1-11E1-4E16-B54C-573B45B18632}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{89AF97AB-E474-4CEA-ACE5-26A2C19CECC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9988F4EF-96CB-4086-A9C1-1D444B76F37C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9D250DB9-47CE-44C2-B856-314233EDD3C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A96C673F-07D7-4751-A0A7-7B377A7FF08E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC2D3314-7CB2-4C57-9C40-293570F1B593}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B378BE6E-ED0C-43B5-ADF4-ED5CABCEDDBE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B493B492-4282-4124-8146-12E8FDDE220A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D332D624-DD24-4856-A226-539D1E78FC68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D3EF8419-0ED0-4AE1-883E-37402E0D9620}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D76661EA-E9DD-417B-BFA5-B6800F4E6F4D}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{DD550B7B-D5A0-42DA-80CD-45B0C2CAF0D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DED7864C-DE3F-4F87-8A86-A24B91C68AE2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DF9494A0-533B-4213-947E-CF5D002E8498}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E5763934-6421-4A79-9224-6A875D5E51AE}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{E9C4D3AB-A7B6-4D25-AF01-4B89081DECB6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FBFA020C-3211-4D19-BB11-984643C25BA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D9B9CF3-1E9C-45B6-B41E-5CF568605556}" = SPSS 15.0 für Windows [Auswertung Version]
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E492D84D-F8CB-48C7-A78C-D62537D5AE46}" = GMX SMS-Manager
"{E6F012B0-E930-11E0-A67A-F04DA23A5C58}" = Vegas Pro 11.0
"{E9627240-E930-11E0-8690-F04DA23A5C58}" = MSVCRT Redists
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"BILDmobil" = BILDmobil
"BTEIK_14_674328" = Business - Sprachkurs English
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"CPUCooL" = CPUCooL (remove only)
"CyberGhost VPN_is1" = CyberGhost VPN
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular-Update
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON SX600FW Series" = Druckerdeinstallation für EPSON SX600FW Series
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.3.5.1
"Fotosizer" = Fotosizer 1.32
"GMX ProfiFax" = GMX ProfiFax
"GPL Ghostscript 9.05" = GPL Ghostscript
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KTE_14_669070" = Business - Kommunikationstrainer English
"MAGIX PC Check & Tuning 2010 Download-Version D" = MAGIX PC Check & Tuning 2010 Download-Version 5.0.25.701 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Nokia Ovi Suite" = Nokia Ovi Suite
"office wörterbuch pro 3" = office wörterbuch pro 3
"Office14.PRJPROR" = Microsoft Project Professional 2010
"PDF Blender" = PDF Blender
"ProInst" = Intel(R) PROSet/Wireless Software
"Samsung SCX-4100 Series" = Samsung SCX-4100 Series
"ShellfireVPN" = ShellfireVPN 2.1
"Simfy" = simfy
"SPE_14_669073" = Business - Sprachführer English
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4E97552A-D0D2-47E3-B4A0-82E5A57A4198}_is1" = Bild Albelli Fotoservice
"DrKawashima" = Dr Kawashima
"Juniper_Setup_Client" = Juniper Networks Setup Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.02.2012 05:09:48 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6986458
 
Error - 11.02.2012 05:09:48 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6986458
 
Error - 11.02.2012 05:09:49 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11.02.2012 05:09:49 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6987487
 
Error - 11.02.2012 05:09:49 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6987487
 
Error - 11.02.2012 05:09:50 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11.02.2012 05:09:50 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6988486
 
Error - 11.02.2012 05:09:50 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6988486
 
Error - 11.02.2012 05:17:42 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 11.02.2012 05:17:42 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1856
 
[ OSession Events ]
Error - 22.06.2011 02:45:39 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 58797
 seconds with 13380 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.08.2012 18:46:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 25.08.2012 18:48:19 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 26.08.2012 18:08:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 26.08.2012 18:09:57 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.08.2012 08:02:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 27.08.2012 08:03:30 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 27.08.2012 18:57:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 27.08.2012 18:58:16 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
Error - 28.08.2012 01:31:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 28.08.2012 01:33:03 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
 
 
< End of report >


cosinus 30.08.2012 20:58

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are listed on the Logs tab (Logdateien). Please post all of the logs that are visible there.

puntaara 31.08.2012 00:22

Unfortunately I no longer have any older logs.

I did install it and run a scan about a year ago because my computer was a bit slow. That turned out to be a hardware problem, though, and Malwarebytes didn't find anything either. After that I uninstalled it again.

cosinus 31.08.2012 10:50

Please run ESET as well, then we'll see how to proceed.

Note: ESET does quite often show a few false positives. For that reason, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you have during the online scans! During the scans, please turn off all background guards (antivirus program, firewall, script blocking and the like), and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser this way: right-click => Run as administrator
  • Disable your antivirus program during the scan.

    In the browser opened as administrator, open this link => ESET Online Scanner
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX control.
  • Tick the box at Yes, i accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: If you are running a 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.


Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

puntaara 31.08.2012 23:33

I ran the scan, with the following result:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=41b6c67cb52f3f40873e4fd9173d952a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-31 02:50:16
# local_time=2012-09-01 12:50:16 (+1000, Ostaustralische Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3588 16777214 85 70 0 15113335 0 0
# compatibility_mode=5893 16776574 100 94 47033076 98044810 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=244471
# found=3
# cleaned=0
# scan_time=14596
C:\Users\***\Downloads\fsSetup132.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\Downloads\installer_sunbird_german.exe        Win32/Toggle application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I


cosinus 01.09.2012 10:44

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

puntaara 01.09.2012 11:23

Here is the result from AdwCleaner:

Code:

# AdwCleaner v2.000 - Datei am 09/01/2012 um 20:19:43 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - ******-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\Startsear.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\web-search.xml
Ordner Gefunden : C:\Program Files\vShare.tv plugin
Ordner Gefunden : C:\Users\***\AppData\Local\Conduit
Ordner Gefunden : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default [Profil par défaut]
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Web Search");
Gefunden : user_pref("browser.search.defaultenginename", "Web Search");
Gefunden : user_pref("browser.search.order.1", "Web Search");
Gefunden : user_pref("keyword.URL", "hxxp://startsear.ch/?aff=1&q=");
Gefunden : user_pref("vshare.install.fresh", "true");

*************************

AdwCleaner[R1].txt - [3267 octets] - [01/09/2012 20:19:43]

########## EOF - C:\AdwCleaner[R1].txt - [3327 octets] ##########


cosinus 01.09.2012 12:22

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

puntaara 01.09.2012 12:51

AdwCleaner[S1].txt

Code:

# AdwCleaner v2.000 - Datei am 09/01/2012 um 21:41:31 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - ******-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\Startsear.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\web-search.xml
Ordner Gelöscht : C:\Program Files\vShare.tv plugin
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default [Profil par défaut]
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Gelöscht : user_pref("browser.search.order.1", "Web Search");
Gelöscht : user_pref("keyword.URL", "hxxp://startsear.ch/?aff=1&q=");
Gelöscht : user_pref("vshare.install.fresh", "true");

*************************

AdwCleaner[R1].txt - [3396 octets] - [01/09/2012 20:19:43]
AdwCleaner[S1].txt - [3586 octets] - [01/09/2012 21:41:31]

########## EOF - C:\AdwCleaner[S1].txt - [3646 octets] ##########
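
The search report and the delete report above can be reconciled mechanically instead of by eye. The following is an added example, not part of any post in this thread and not code from AdwCleaner: it checks that every item a `[Suche]` report lists as "Gefunden" appears as "Gelöscht" in the `[Löschen]` report. The function names are hypothetical, and the two embedded reports are constructed excerpts in the format of the logs above (the `C:\Example\LeftoverFolder` entry and the differing case of `HKLM\SOFTWARE\Conduit` are constructed).

```python
import re

# Item lines look like "Datei Gefunden : <path>", "Schlüssel Gelöscht : <key>",
# or, for browser prefs, just "Gefunden : user_pref(...)" with no kind word.
ITEM_RE = re.compile(
    r"^(?:(?P<kind>\S+)\s+)?(?P<status>Gefunden|Gelöscht)\s*:\s*(?P<item>.+?)\s*$"
)
# Header line that states which mode produced the report.
OPTION_RE = re.compile(r"^#\s*Option\s*\[(?P<opt>[^\]]+)\]", re.MULTILINE)

# Constructed sample input, modelled on the AdwCleaner v2.000 reports in this thread.
SEARCH_REPORT = r"""
# AdwCleaner v2.000 - Datei am 09/01/2012 um 20:19:43 erstellt
# Option [Suche]

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
Ordner Gefunden : C:\Program Files\vShare.tv plugin
Ordner Gefunden : C:\Example\LeftoverFolder

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKLM\Software\Conduit

-\\ Mozilla Firefox v15.0 (de)

Gefunden : user_pref("keyword.URL", "hxxp://startsear.ch/?aff=1&q=");
"""

DELETE_REPORT = r"""
# AdwCleaner v2.000 - Datei am 09/01/2012 um 21:41:31 erstellt
# Option [Löschen]

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
Ordner Gelöscht : C:\Program Files\vShare.tv plugin

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Gelöscht : user_pref("keyword.URL", "hxxp://startsear.ch/?aff=1&q=");
"""


def report_option(report_text):
    """Return the mode named in the '# Option [...]' header, or None."""
    match = OPTION_RE.search(report_text)
    return match["opt"] if match else None


def parse_items(report_text):
    """Collect (kind, item) pairs per status word; other lines are ignored."""
    items = {"Gefunden": [], "Gelöscht": []}
    for line in report_text.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:
            items[match["status"]].append((match["kind"] or "Eintrag", match["item"]))
    return items


def _key(entry):
    # Windows paths and registry keys are case-insensitive, so compare folded.
    kind, item = entry
    return (kind.casefold(), item.casefold())


def reconcile(search_text, delete_text):
    """Compare a [Suche] report with the [Löschen] report that followed it."""
    if report_option(search_text) != "Suche" or report_option(delete_text) != "Löschen":
        raise ValueError("expected a [Suche] report followed by a [Löschen] report")
    found = parse_items(search_text)["Gefunden"]
    deleted = parse_items(delete_text)["Gelöscht"]
    found_keys = {_key(e) for e in found}
    deleted_keys = {_key(e) for e in deleted}
    return {
        "removed": sum(1 for e in found if _key(e) in deleted_keys),
        # Found during the search but not reported as deleted: needs a second look.
        "leftover": [e for e in found if _key(e) not in deleted_keys],
        # Deleted without having been listed in the search report.
        "unexpected": [e for e in deleted if _key(e) not in found_keys],
    }


if __name__ == "__main__":
    result = reconcile(SEARCH_REPORT, DELETE_REPORT)
    print("removed:", result["removed"])
    for kind, item in result["leftover"]:
        print("still present after cleanup:", kind, item)
```
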


cosinus 01.09.2012 12:55

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Is anything missing from your Start menu? Are there empty folders under All Programs, or is everything there?

puntaara 01.09.2012 13:26

Windows is running normally, in my opinion.

Nothing seems to be missing from the Start menu either; at least I can't find any empty folders.

cosinus 01.09.2012 13:48

Please create a new OTL log. Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


puntaara 01.09.2012 14:26

Here are the contents of OTL.txt:

Code:

OTL logfile created on: 01.09.2012 22:57:57 - Run 2
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 63,83% Memory free
4,00 Gb Paging File | 2,87 Gb Available in Paging File | 71,78% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 7,66 Gb Free Space | 8,67% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 1,12 Gb Free Space | 1,28% Space Free | Partition Type: NTFS
Drive E: | 6,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ******-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.01 22:55:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.03 16:06:06 | 001,086,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.08.01 16:07:16 | 000,724,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.08.01 16:07:06 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.08.01 16:06:58 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.07.28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.16 12:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012.05.15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.12.02 02:11:48 | 000,743,936 | ---- | M] () -- C:\Program Files\CPUCooL\CooLSRV.exe
PRC - [2011.07.09 06:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011.06.24 14:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.04 12:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\ShellfireVPN\jre6\bin\java.exe
PRC - [2011.02.25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.07 04:34:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009.01.27 00:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.03 14:33:50 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\SamSung\MagicKBD\MagicKBD.exe
PRC - [2008.01.03 02:40:14 | 000,348,160 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
PRC - [2007.12.28 19:44:10 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007.10.17 16:28:08 | 000,692,224 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.03 16:07:06 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.08.03 16:06:50 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.08.03 16:06:50 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.08.03 16:06:48 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.08.03 16:06:46 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.08.03 16:06:44 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.08.03 16:06:44 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.08.03 16:06:42 | 008,506,792 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.08.03 16:06:42 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.08.03 16:06:42 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.08.03 16:06:40 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.08.03 16:06:40 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.08.03 16:06:36 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.08.03 16:06:32 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.08.03 16:06:32 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.08.03 16:06:30 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.08.03 16:06:02 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012.08.03 16:05:24 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.07.02 11:29:08 | 000,391,600 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.07.02 11:29:08 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.07.02 11:28:20 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2006.09.19 09:52:46 | 000,028,672 | ---- | M] () -- C:\Program Files\SamSung\Easy Display Manager\WinMove.dll
MOD - [2006.08.12 21:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SamSung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SamSung\Easy Display Manager\HookDllPS2.dll
MOD - [2005.07.12 16:34:22 | 000,045,056 | ---- | M] () -- C:\Program Files\SamSung\MagicKBD\EasyBoxDll.dll
MOD - [2003.07.11 11:09:28 | 000,048,192 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.08.31 09:08:33 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.07.28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.16 12:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011.12.02 02:11:48 | 000,743,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CPUCooL\CooLSRV.exe -- (CPUCooLServer)
SRV - [2011.09.01 11:13:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.09 06:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.05.04 12:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\ShellfireVPN\jre6\bin\java.exe -- (ShellfireVPN2Service)
SRV - [2010.11.07 04:34:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.07.14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.29 03:54:42 | 000,073,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SamSung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM)
DRV - [2012.08.22 12:05:07 | 000,386,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120831.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.21 11:39:34 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120831.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.08.21 11:39:34 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120831.032\NAVENG.SYS -- (NAVENG)
DRV - [2012.08.09 15:54:24 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.09 15:54:23 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.07.06 12:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 12:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.06.19 10:01:16 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120823.007\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.06.07 14:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 11:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys -- (SymEFA)
DRV - [2012.05.15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.18 12:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symnets.sys -- (SymNetS)
DRV - [2012.04.18 11:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys -- (SymIRON)
DRV - [2012.03.27 10:32:31 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.01.09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.19 00:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011.07.26 04:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys -- (SymDS)
DRV - [2011.07.01 19:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.11.20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.12 05:19:24 | 000,021,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp)
DRV - [2010.11.07 04:36:22 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2010.11.07 04:36:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2010.11.07 04:36:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2010.11.07 04:34:12 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010.11.07 04:01:27 | 000,243,840 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2009.12.09 23:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009.09.28 18:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 10:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 10:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 08:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.23 05:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.23 04:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.23 04:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.03.02 22:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009.03.02 22:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.04.05 03:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disksec.sys -- (DiskSec)
DRV - [2007.09.26 22:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2006.11.14 18:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2000.08.24 10:19:38 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\MEMIO.SYS -- (DOSMEMIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{12458CC8-5583-49A9-8F64-0951EB59D6C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF CA C6 BA 62 DC CB 01  [binary data]
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes\{12458CC8-5583-49A9-8F64-0951EB59D6C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes\{822D8992-2E48-49BA-B3E2-E2946D8B5C98}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.01 08:43:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.09.01 21:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 09:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 21:41:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 09:08:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 21:41:33 | 000,000,000 | ---D | M]
 
[2011.07.17 18:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.08.10 23:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions
[2012.04.01 07:41:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.23 14:47:26 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions\foxyproxy@eric.h.jung
[2012.07.10 10:48:26 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\11-suche.xml
[2012.07.10 10:48:26 | 000,002,209 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\englische-ergebnisse.xml
[2012.07.10 10:48:26 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\gmx-suche.xml
[2012.07.10 10:48:26 | 000,002,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\lastminute.xml
[2012.07.10 10:48:26 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\searchplugins\webde-suche.xml
[2012.06.11 20:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.08.24 20:49:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.01 08:43:34 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012.08.31 09:08:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.25 13:24:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 09:08:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.25 13:24:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 13:24:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 13:24:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 13:24:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.25 16:25:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\SamSung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.133.98.98 213.133.100.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C68E53-34CD-4CC3-B251-22352C5969F1}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3865F505-6934-4437-ADDE-F80EE878262E}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{444AB6EB-4802-4F64-9945-107C1C941A0C}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8AC0218-C72D-4B60-9739-E8B62587AD30}: DhcpNameServer = 213.133.98.98 213.133.100.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: GMX SMS-Manager - hkey= - key= -  File not found
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= -  File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.01 22:55:23 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
[2012.08.31 20:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.31 20:40:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.08.30 19:06:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2012.08.30 18:41:24 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nokia Suite
[2012.08.30 18:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.08.30 18:22:33 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.08.30 18:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012.08.28 11:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.28 11:04:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.28 11:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.26 11:11:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fotos marlies
[2012.08.25 16:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShellfireVPN
[2012.08.24 10:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.08.24 10:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.08.23 10:18:38 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.08.23 10:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.08.22 19:40:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\eeepc
[2012.08.22 16:21:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fotos heiner
[2012.08.16 02:51:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\e-academy Inc
[2012.08.16 02:51:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012.08.13 01:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.13 01:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.12 19:56:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Software EEE PC
[2012.08.12 18:29:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\2012_08_12 Auslagerung USB-Stick
[2012.08.09 22:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.08.09 22:02:53 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.01 22:55:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
[2012.09.01 21:53:11 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 21:53:11 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 21:44:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.01 21:44:18 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.01 20:10:09 | 000,511,265 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.09.01 17:01:47 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.01 17:01:47 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.01 17:01:47 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.01 17:01:47 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.31 20:40:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.08.31 09:01:27 | 001,514,648 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\Cat.DB
[2012.08.30 18:27:00 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.28 16:08:56 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\yzem5q48.exe
[2012.08.28 15:45:46 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.28 15:44:44 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.28 11:04:05 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.26 21:16:49 | 000,196,922 | ---- | M] () -- C:\Users\***\Desktop\Handyrechnung.pdf
[2012.08.25 16:29:02 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\ShellfireVPN.lnk
[2012.08.25 08:25:32 | 000,315,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.24 01:44:43 | 000,000,493 | ---- | M] () -- C:\Users\***\Desktop\Energieoptionen - Verknüpfung.lnk
[2012.08.18 20:58:16 | 000,074,325 | ---- | M] () -- C:\Users\***\Desktop\mhtml_{6BC759DB-AAAD-4564-9B77-71BD4CBBAEE8}mid___00000002_.pdf
[2012.08.17 17:41:46 | 000,103,635 | ---- | M] () -- C:\Users\***\Desktop\antrag_de_fz_pdf.pdf
[2012.08.17 17:40:16 | 000,103,635 | ---- | M] () -- C:\Users\***\Desktop\antrag_de_fz_ausgefuellt.pdf
[2012.08.16 05:06:51 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\VT20120731.038
[2012.08.16 02:51:56 | 000,003,153 | ---- | M] () -- C:\Users\***\Desktop\Secure Download Manager.lnk
[2012.08.15 23:55:59 | 000,002,383 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.08.10 15:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\isolate.ini
[2012.08.09 22:02:58 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.09 22:02:58 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.01 20:10:02 | 000,511,265 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.08.30 18:26:58 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.28 16:08:55 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\yzem5q48.exe
[2012.08.28 15:45:46 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.28 15:44:43 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.28 11:04:05 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.26 21:16:49 | 000,196,922 | ---- | C] () -- C:\Users\***\Desktop\Handyrechnung.pdf
[2012.08.24 01:44:43 | 000,000,493 | ---- | C] () -- C:\Users\***\Desktop\Energieoptionen - Verknüpfung.lnk
[2012.08.23 09:39:00 | 000,011,190 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012.08.18 20:58:12 | 000,074,325 | ---- | C] () -- C:\Users\***\Desktop\mhtml_{6BC759DB-AAAD-4564-9B77-71BD4CBBAEE8}mid___00000002_.pdf
[2012.08.17 17:41:44 | 000,103,635 | ---- | C] () -- C:\Users\***\Desktop\antrag_de_fz_pdf.pdf
[2012.08.17 17:40:12 | 000,103,635 | ---- | C] () -- C:\Users\***\Desktop\antrag_de_fz_ausgefuellt.pdf
[2012.08.16 02:51:56 | 000,003,153 | ---- | C] () -- C:\Users\***\Desktop\Secure Download Manager.lnk
[2012.08.09 22:02:58 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.09 22:02:58 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.05.23 17:01:03 | 813,785,088 | ---- | C] () -- C:\Users\***\Polizeiruf_110-Bullenklatschen-format282349.f4v.flv
[2012.05.02 12:15:05 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2012.05.02 12:15:05 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2012.05.02 12:09:19 | 000,003,425 | ---- | C] () -- C:\Windows\System32\KBDR.INI
[2012.05.02 12:09:19 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDO.INI
[2012.05.02 12:09:19 | 000,002,236 | ---- | C] () -- C:\Windows\System32\KBDQ.INI
[2012.05.02 12:09:19 | 000,001,885 | ---- | C] () -- C:\Windows\System32\KBDP.INI
[2012.05.02 12:09:19 | 000,001,857 | ---- | C] () -- C:\Windows\System32\KBDUU.INI
[2012.05.02 12:09:19 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDA.INI
[2012.05.02 12:09:19 | 000,001,834 | ---- | C] () -- C:\Windows\System32\KBDU.INI
[2012.05.02 12:09:19 | 000,001,819 | ---- | C] () -- C:\Windows\System32\KBDN.INI
[2012.05.02 12:09:19 | 000,001,699 | ---- | C] () -- C:\Windows\System32\KBDT.INI
[2012.05.02 12:09:19 | 000,001,697 | ---- | C] () -- C:\Windows\System32\KBDV.INI
[2012.05.02 12:09:19 | 000,001,522 | ---- | C] () -- C:\Windows\System32\KBDS.INI
[2012.05.02 12:09:19 | 000,001,476 | ---- | C] () -- C:\Windows\System32\KBDF.INI
[2012.05.02 12:09:18 | 000,002,741 | ---- | C] () -- C:\Windows\System32\KBDD.INI
[2012.05.02 12:09:18 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDC.INI
[2012.05.02 12:09:18 | 000,002,606 | ---- | C] () -- C:\Windows\System32\KBDB.INI
[2012.05.02 12:09:18 | 000,001,956 | ---- | C] () -- C:\Windows\System32\KBDE.INI
[2012.05.02 12:09:18 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDG.INI
[2012.02.28 14:54:34 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.11.27 15:27:56 | 000,000,839 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.07.17 18:05:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.15 08:38:09 | 000,022,723 | ---- | C] () -- C:\Windows\System32\SSGR3l3.dll
[2011.07.02 01:53:55 | 000,008,192 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.26 09:34:31 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.06.26 07:38:07 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.06.25 01:23:52 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.07 10:45:11 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2011.06.07 10:45:11 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2011.03.14 09:37:35 | 000,001,520 | ---- | C] () -- C:\Windows\System32\MagicKBD.INI
[2011.03.14 09:36:15 | 000,004,300 | ---- | C] () -- C:\Windows\System32\MEMIO.SYS
[2011.03.11 03:46:04 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011.03.11 03:46:04 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.02.24 19:27:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.05 23:02:38 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.01.17 08:54:14 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.12.29 09:57:54 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.12.20 07:46:48 | 000,043,653 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.12.20 07:46:30 | 000,043,653 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.12.03 06:45:07 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.11.29 22:59:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.12 05:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.11.06 09:45:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2011.06.28 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.03.18 19:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.02.24 08:21:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.11.24 16:46:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.13 10:53:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2012.08.16 02:51:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2011.10.09 21:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.02.06 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.12.07 23:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX
[2011.11.27 15:27:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.07.11 08:02:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.11.06 10:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.22 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2011.09.19 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2011.10.19 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingenio
[2010.12.29 09:59:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.09.25 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.09.25 16:55:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.08.30 19:06:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2011.09.25 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.10.27 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.04.27 22:02:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ShellfireVPN
[2011.09.28 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2011.10.27 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2012.08.24 08:48:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.28 14:10:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.12.25 13:05:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.06.28 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.03.18 19:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.02.24 08:21:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.11.24 16:46:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.13 10:53:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2012.08.16 02:51:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2011.10.09 21:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.02.06 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.12.07 23:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX
[2011.11.27 15:27:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.02.14 08:33:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Help
[2011.07.11 08:02:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.11.05 09:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.11.07 04:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.11.07 04:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel
[2010.11.06 10:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.22 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2011.09.19 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2011.10.19 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingenio
[2010.11.05 11:15:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.12.29 09:59:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.10.01 13:51:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 18:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.08.24 11:20:54 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.07.17 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.09.25 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.09.25 16:55:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.08.30 19:06:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2011.10.27 23:02:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA
[2011.09.25 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.10.27 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.04.27 22:02:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ShellfireVPN
[2011.09.28 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2012.08.26 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.07.03 09:32:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2011.10.27 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2012.08.04 04:10:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.02.24 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.27 15:13:22 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\***\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2012.05.25 16:28:02 | 008,535,664 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7094_8623.exe
[2012.05.25 16:30:02 | 007,482,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7094_8623.exe
[2012.05.25 16:25:41 | 012,522,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8623.exe
[2011.06.04 03:32:28 | 000,149,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2011.06.04 03:32:42 | 000,265,384 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperCompMgrInstaller.exe
[2011.06.04 03:32:24 | 000,530,296 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2011.06.04 03:31:08 | 000,335,496 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2011.06.04 03:18:12 | 000,225,816 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2011.06.04 03:32:46 | 000,051,360 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2012.04.15 22:06:05 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.08.16 02:51:56 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_112D608FD02CD87FDC7735.exe
[2012.08.16 02:51:56 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_30C8F0A9D59F1A9A11FFC4.exe
[2012.08.16 02:51:56 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_853F67D554F05449430E7E.exe
[2011.04.15 18:55:01 | 000,045,126 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_00A2B159EC25728DD0F170.exe
[2011.04.15 18:55:01 | 000,045,126 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_0F16B68AE7780754B68FFC.exe
[2011.04.15 18:55:01 | 000,045,126 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_6FEFF9B68218417F98F549.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 16:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 15:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 15:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >


cosinus 02.09.2012 20:49

Quote:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.133.98.98 213.133.100.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C68E53-34CD-4CC3-B251-22352C5969F1}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3865F505-6934-4437-ADDE-F80EE878262E}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{444AB6EB-4802-4F64-9945-107C1C941A0C}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8AC0218-C72D-4B60-9739-E8B6258

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Tell me, is this an office PC?

puntaara 03.09.2012 04:38

No, this is just my laptop (used exclusively for private purposes).

I'm afraid those entries are all Greek to me. What do they mean?

What looks familiar to me is the IP "10.0.0.138". That takes you to the configuration page of our Wi-Fi router.

I googled the other IPs. "139.7.30.125" appears to be the dial-in point of a Vodafone UMTS mobile stick that I used at one point.

The other two, the ones starting with 213., could be dial-in servers of a VPN service, but I'm not entirely sure. Since I'm currently abroad, I occasionally use "Shellfire-VPN" to be able to access German websites (e.g. television).

cosinus 03.09.2012 19:58

Quote:

What looks familiar to me is the IP "10.0.0.138". That takes you to the configuration page of our Wi-Fi router.
Such 10.x networks are also purely private, but unusual for home routers; there you would rather use something like 192.168.x.y.
You are probably more likely to find 10.x networks in corporate networks, and since you have a Pro edition of Windows, the suspicion of an office PC was simply reinforced.
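
The name-server entries discussed in the posts above can be sorted into private and public addresses mechanically. The following Python sketch is an added example, not part of the thread or of any tool mentioned in it; the function names are made up for it, and the sample lines are the O17 entries exactly as quoted above, including the one that is cut off.

```python
import ipaddress
import re

# O17 lines as quoted in the thread; the last one is cut off on the page and
# is kept that way to show how incomplete input is handled.
SAMPLE_O17 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.133.98.98 213.133.100.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C68E53-34CD-4CC3-B251-22352C5969F1}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3865F505-6934-4437-ADDE-F80EE878262E}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{444AB6EB-4802-4F64-9945-107C1C941A0C}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8AC0218-C72D-4B60-9739-E8B6258
""".strip().splitlines()

# Key path, optional interface GUID, setting name, value list.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}))?"
    r": (?P<name>\w+) = (?P<value>.*)$"
)


def classify(addr_text):
    """Return 'private', 'public', 'loopback', 'link-local' or 'invalid'."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.is_private:          # RFC 1918 ranges such as 10.0.0.0/8
        return "private"
    return "public"


def parse_o17(lines):
    """Split O17 lines into parsed entries and lines that could not be parsed."""
    entries, rejected = [], []
    for line in lines:
        match = O17_RE.match(line.strip())
        if not match:
            rejected.append(line)        # truncated or unknown format
            continue
        servers = [
            (item, classify(item))
            for item in re.split(r"[ ,]+", match.group("value").strip())
            if item
        ]
        entries.append({
            "scope": match.group("iface") or "system-wide",
            "setting": match.group("name"),
            "servers": servers,
        })
    return entries, rejected


def resolvers_to_verify(entries):
    """Public resolvers are the ones to check against the ISP or VPN provider;
    a private address normally just points at the local router."""
    public = {
        addr for entry in entries
        for addr, kind in entry["servers"] if kind == "public"
    }
    return sorted(public, key=ipaddress.ip_address)


if __name__ == "__main__":
    parsed, skipped = parse_o17(SAMPLE_O17)
    for entry in parsed:
        print(entry["scope"], entry["setting"], entry["servers"])
    print("verify with provider:", resolvers_to_verify(parsed))
    print("unparsable lines:", len(skipped))
```
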

puntaara 04.09.2012 02:49

I see, learned something new again :)
I'm currently visiting Australia and have no influence over the Wi-Fi setup. Maybe that's how they do it here? Quite a few things work differently here (e.g. sometimes internet banking without TANs or other safeguards :eek:), but that's another topic...

In Internet Explorer (which I rarely use) I noticed that a search query in the address bar still gets redirected to startsear.ch or startpins.

cosinus 04.09.2012 14:52

Why do you have a Pro edition of Windows now? :confused:
You don't really need it at home at all, that's almost money thrown away

Please run a new scan with adwCleaner
If it doesn't find anything more, we'll have to go in manually to kick out startsearch and other junk

puntaara 05.09.2012 10:05

My university in Germany is part of this Microsoft Academic Alliance (MSDNAA). Because I wanted to get away from Vista, I got Windows 7 through it, and if I remember correctly, the Professional version was even the only one I could choose.

I ran AdwCleaner again:

Code:

# AdwCleaner v2.000 - Datei am 09/05/2012 um 18:58:47 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default [Profil par défaut]
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3396 octets] - [01/09/2012 20:19:43]
AdwCleaner[S1].txt - [3715 octets] - [01/09/2012 21:41:31]
AdwCleaner[R2].txt - [900 octets] - [05/09/2012 18:58:47]

########## EOF - C:\AdwCleaner[R2].txt - [959 octets] ##########


cosinus 05.09.2012 14:32

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

puntaara 06.09.2012 10:00

Windows runs normally, and the Start menu also seems to be fine so far.

cosinus 06.09.2012 15:04

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


puntaara 07.09.2012 01:23

OTL Logfile:
Code:

OTL logfile created on: 07.09.2012 08:54:06 - Run 3
OTL by OldTimer - Version 3.2.61.0    Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 57,40% Memory free
4,00 Gb Paging File | 2,89 Gb Available in Paging File | 72,24% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 10,29 Gb Free Space | 11,65% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 1,12 Gb Free Space | 1,28% Space Free | Partition Type: NTFS
Drive E: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ******-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.07 08:37:23 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.03 16:06:06 | 001,086,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.08.01 16:07:16 | 000,724,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.08.01 16:07:06 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.08.01 16:06:58 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.07.28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.16 12:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012.05.15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.12.02 02:11:48 | 000,743,936 | ---- | M] () -- C:\Program Files\CPUCooL\CooLSRV.exe
PRC - [2011.07.09 06:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011.07.01 19:46:40 | 000,458,752 | ---- | M] () -- C:\Program Files\ShellfireVPN\openvpn\openvpn.exe
PRC - [2011.06.24 14:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.04 12:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\ShellfireVPN\jre6\bin\java.exe
PRC - [2011.02.25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.07 04:34:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009.01.27 00:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.03 14:33:50 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\SamSung\MagicKBD\MagicKBD.exe
PRC - [2008.01.03 02:40:14 | 000,348,160 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
PRC - [2007.12.28 19:44:10 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007.10.17 16:28:08 | 000,692,224 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.03 16:07:06 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.08.03 16:06:50 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.08.03 16:06:50 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.08.03 16:06:48 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.08.03 16:06:46 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.08.03 16:06:44 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.08.03 16:06:44 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.08.03 16:06:42 | 008,506,792 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.08.03 16:06:42 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.08.03 16:06:42 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.08.03 16:06:40 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.08.03 16:06:40 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.08.03 16:06:36 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.08.03 16:06:32 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.08.03 16:06:32 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.08.03 16:06:30 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.08.03 16:06:02 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012.08.03 16:05:24 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.07.02 11:29:08 | 000,391,600 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.07.02 11:29:08 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.07.02 11:28:20 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2006.09.19 09:52:46 | 000,028,672 | ---- | M] () -- C:\Program Files\SamSung\Easy Display Manager\WinMove.dll
MOD - [2006.08.12 21:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SamSung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SamSung\Easy Display Manager\HookDllPS2.dll
MOD - [2005.07.12 16:34:22 | 000,045,056 | ---- | M] () -- C:\Program Files\SamSung\MagicKBD\EasyBoxDll.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.08.31 09:08:33 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.07.28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.16 12:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011.12.02 02:11:48 | 000,743,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CPUCooL\CooLSRV.exe -- (CPUCooLServer)
SRV - [2011.09.01 11:13:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.09 06:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.05.04 12:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\ShellfireVPN\jre6\bin\java.exe -- (ShellfireVPN2Service)
SRV - [2010.11.07 04:34:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.07.14 11:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.29 03:54:42 | 000,073,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SamSung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM)
DRV - [2012.09.06 04:54:30 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120906.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012.09.01 08:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.21 11:39:34 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120906.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.08.21 11:39:34 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120906.002\NAVENG.SYS -- (NAVENG)
DRV - [2012.08.09 15:54:24 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.08.09 15:54:23 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.07.06 12:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 12:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.06.07 14:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 11:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys -- (SymEFA)
DRV - [2012.05.15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.18 12:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symnets.sys -- (SymNetS)
DRV - [2012.04.18 11:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys -- (SymIRON)
DRV - [2012.03.27 10:32:31 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.01.09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.19 00:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011.07.26 04:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys -- (SymDS)
DRV - [2011.07.01 19:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.11.20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.12 05:19:24 | 000,021,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp)
DRV - [2010.11.07 04:36:22 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2010.11.07 04:36:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2010.11.07 04:36:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2010.11.07 04:34:12 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010.11.07 04:01:27 | 000,243,840 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2009.12.09 23:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009.09.28 18:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 10:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 10:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 08:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.23 05:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.23 04:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.23 04:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.03.02 22:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009.03.02 22:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.04.05 03:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disksec.sys -- (DiskSec)
DRV - [2007.09.26 22:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2006.11.14 18:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2000.08.24 10:19:38 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\MEMIO.SYS -- (DOSMEMIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{12458CC8-5583-49A9-8F64-0951EB59D6C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF CA C6 BA 62 DC CB 01  [binary data]
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes\{12458CC8-5583-49A9-8F64-0951EB59D6C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes\{822D8992-2E48-49BA-B3E2-E2946D8B5C98}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:3.6.2
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.01 08:43:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.09.07 08:13:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 09:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 21:41:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 09:08:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 21:41:33 | 000,000,000 | ---D | M]
 
[2011.07.17 18:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.08.10 23:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions
[2012.04.01 07:41:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.23 14:47:26 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\17f4qzsw.default\extensions\foxyproxy@eric.h.jung
[2012.08.10 23:33:42 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\extensions\toolbar@web.de.xpi
[2012.04.25 00:36:07 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012.07.25 23:27:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.10 10:48:26 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\searchplugins\11-suche.xml
[2012.07.10 10:48:26 | 000,002,209 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\searchplugins\englische-ergebnisse.xml
[2012.07.10 10:48:26 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\searchplugins\gmx-suche.xml
[2012.07.10 10:48:26 | 000,002,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\searchplugins\lastminute.xml
[2012.07.10 10:48:26 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\17f4qzsw.default\searchplugins\webde-suche.xml
[2012.06.11 20:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.08.24 20:49:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.01 08:43:34 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012.08.31 09:08:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.25 13:24:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 09:08:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.25 13:24:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 13:24:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 13:24:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 13:24:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.25 16:25:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\SamSung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.133.98.98 213.133.100.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C68E53-34CD-4CC3-B251-22352C5969F1}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3865F505-6934-4437-ADDE-F80EE878262E}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{444AB6EB-4802-4F64-9945-107C1C941A0C}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8AC0218-C72D-4B60-9739-E8B62587AD30}: DhcpNameServer = 213.133.98.98 213.133.100.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: GMX SMS-Manager - hkey= - key= -  File not found
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= -  File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.01 22:55:23 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
[2012.08.31 20:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.31 20:40:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.08.30 19:06:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2012.08.30 18:41:24 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nokia Suite
[2012.08.30 18:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.08.30 18:22:33 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.08.30 18:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012.08.28 11:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.28 11:04:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.28 11:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.26 11:11:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fotos marlies
[2012.08.25 16:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShellfireVPN
[2012.08.24 10:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.08.24 10:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.08.23 10:18:38 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.08.23 10:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.08.22 19:40:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\eeepc
[2012.08.22 16:21:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\fotos heiner
[2012.08.16 02:51:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\e-academy Inc
[2012.08.16 02:51:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012.08.13 01:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.13 01:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.12 19:56:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Software EEE PC
[2012.08.12 18:29:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\2012_08_12 Auslagerung USB-Stick
[2012.08.09 22:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.08.09 22:02:53 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.07 08:37:23 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\otl.exe
[2012.09.07 08:19:56 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 08:19:56 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 08:12:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.07 08:11:52 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 23:07:54 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.05 23:07:54 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.05 23:07:54 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.05 23:07:54 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.05 18:57:54 | 000,511,265 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.08.31 20:40:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.08.31 09:01:27 | 001,514,648 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\Cat.DB
[2012.08.30 18:27:00 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.28 16:08:56 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\yzem5q48.exe
[2012.08.28 15:45:46 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.28 15:44:44 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.28 11:04:05 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.26 21:16:49 | 000,196,922 | ---- | M] () -- C:\Users\***\Desktop\Handyrechnung.pdf
[2012.08.25 16:29:02 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\ShellfireVPN.lnk
[2012.08.25 08:25:32 | 000,315,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.24 01:44:43 | 000,000,493 | ---- | M] () -- C:\Users\***\Desktop\Energieoptionen - Verknüpfung.lnk
[2012.08.18 20:58:16 | 000,074,325 | ---- | M] () -- C:\Users\***\Desktop\mhtml_{6BC759DB-AAAD-4564-9B77-71BD4CBBAEE8}mid___00000002_.pdf
[2012.08.17 17:41:46 | 000,103,635 | ---- | M] () -- C:\Users\***\Desktop\antrag_de_fz_pdf.pdf
[2012.08.17 17:40:16 | 000,103,635 | ---- | M] () -- C:\Users\***\Desktop\antrag_de_fz_ausgefuellt.pdf
[2012.08.16 05:06:51 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\VT20120731.038
[2012.08.16 02:51:56 | 000,003,153 | ---- | M] () -- C:\Users\***\Desktop\Secure Download Manager.lnk
[2012.08.15 23:55:59 | 000,002,383 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.08.10 15:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\isolate.ini
[2012.08.09 22:02:58 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.09 22:02:58 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.01 20:10:02 | 000,511,265 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.08.30 18:26:58 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.28 16:08:55 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\yzem5q48.exe
[2012.08.28 15:45:46 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.28 15:44:43 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.28 11:04:05 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.26 21:16:49 | 000,196,922 | ---- | C] () -- C:\Users\***\Desktop\Handyrechnung.pdf
[2012.08.24 01:44:43 | 000,000,493 | ---- | C] () -- C:\Users\***\Desktop\Energieoptionen - Verknüpfung.lnk
[2012.08.23 09:39:00 | 000,011,190 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012.08.18 20:58:12 | 000,074,325 | ---- | C] () -- C:\Users\***\Desktop\mhtml_{6BC759DB-AAAD-4564-9B77-71BD4CBBAEE8}mid___00000002_.pdf
[2012.08.17 17:41:44 | 000,103,635 | ---- | C] () -- C:\Users\***\Desktop\antrag_de_fz_pdf.pdf
[2012.08.17 17:40:12 | 000,103,635 | ---- | C] () -- C:\Users\***\Desktop\antrag_de_fz_ausgefuellt.pdf
[2012.08.16 02:51:56 | 000,003,153 | ---- | C] () -- C:\Users\***\Desktop\Secure Download Manager.lnk
[2012.08.09 22:02:58 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.08.09 22:02:58 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.05.23 17:01:03 | 813,785,088 | ---- | C] () -- C:\Users\***\Polizeiruf_110-Bullenklatschen-format282349.f4v.flv
[2012.05.02 12:15:05 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2012.05.02 12:15:05 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2012.05.02 12:09:19 | 000,003,425 | ---- | C] () -- C:\Windows\System32\KBDR.INI
[2012.05.02 12:09:19 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDO.INI
[2012.05.02 12:09:19 | 000,002,236 | ---- | C] () -- C:\Windows\System32\KBDQ.INI
[2012.05.02 12:09:19 | 000,001,885 | ---- | C] () -- C:\Windows\System32\KBDP.INI
[2012.05.02 12:09:19 | 000,001,857 | ---- | C] () -- C:\Windows\System32\KBDUU.INI
[2012.05.02 12:09:19 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDA.INI
[2012.05.02 12:09:19 | 000,001,834 | ---- | C] () -- C:\Windows\System32\KBDU.INI
[2012.05.02 12:09:19 | 000,001,819 | ---- | C] () -- C:\Windows\System32\KBDN.INI
[2012.05.02 12:09:19 | 000,001,699 | ---- | C] () -- C:\Windows\System32\KBDT.INI
[2012.05.02 12:09:19 | 000,001,697 | ---- | C] () -- C:\Windows\System32\KBDV.INI
[2012.05.02 12:09:19 | 000,001,522 | ---- | C] () -- C:\Windows\System32\KBDS.INI
[2012.05.02 12:09:19 | 000,001,476 | ---- | C] () -- C:\Windows\System32\KBDF.INI
[2012.05.02 12:09:18 | 000,002,741 | ---- | C] () -- C:\Windows\System32\KBDD.INI
[2012.05.02 12:09:18 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDC.INI
[2012.05.02 12:09:18 | 000,002,606 | ---- | C] () -- C:\Windows\System32\KBDB.INI
[2012.05.02 12:09:18 | 000,001,956 | ---- | C] () -- C:\Windows\System32\KBDE.INI
[2012.05.02 12:09:18 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDG.INI
[2012.02.28 14:54:34 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.11.27 15:27:56 | 000,000,839 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.07.17 18:05:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.15 08:38:09 | 000,022,723 | ---- | C] () -- C:\Windows\System32\SSGR3l3.dll
[2011.07.02 01:53:55 | 000,008,192 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.26 09:34:31 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.06.26 07:38:07 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.06.25 01:23:52 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.07 10:45:11 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2011.06.07 10:45:11 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2011.06.07 10:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2011.03.14 09:37:35 | 000,001,520 | ---- | C] () -- C:\Windows\System32\MagicKBD.INI
[2011.03.14 09:36:15 | 000,004,300 | ---- | C] () -- C:\Windows\System32\MEMIO.SYS
[2011.03.11 03:46:04 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011.03.11 03:46:04 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.02.24 19:27:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.05 23:02:38 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.01.17 08:54:14 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.12.29 09:57:54 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.12.20 07:46:48 | 000,043,653 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.12.20 07:46:30 | 000,043,653 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.12.03 06:45:07 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.11.29 22:59:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.12 05:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.11.06 09:45:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2011.06.28 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.03.18 19:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.02.24 08:21:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.11.24 16:46:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.13 10:53:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2012.08.16 02:51:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2011.10.09 21:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.02.06 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.12.07 23:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX
[2011.11.27 15:27:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.07.11 08:02:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.11.06 10:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.22 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2011.09.19 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2011.10.19 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingenio
[2010.12.29 09:59:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.09.25 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.09.25 16:55:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.08.30 19:06:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2011.09.25 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.10.27 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.04.27 22:02:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ShellfireVPN
[2011.09.28 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2011.10.27 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2012.08.24 08:48:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.28 14:10:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.12.25 13:05:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.06.28 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.03.18 19:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM
[2011.02.24 08:21:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.11.24 16:46:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.13 10:53:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2012.08.16 02:51:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2011.10.09 21:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.02.06 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.12.07 23:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX
[2011.11.27 15:27:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.02.14 08:33:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Help
[2011.07.11 08:02:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.11.05 09:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.11.07 04:01:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.11.07 04:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel
[2010.11.06 10:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.22 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2011.09.19 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2011.10.19 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\lingenio
[2010.11.05 11:15:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.12.29 09:59:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.10.01 13:51:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 18:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.08.24 11:20:54 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.07.17 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.09.25 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.09.25 16:55:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.08.30 19:06:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2011.10.27 23:02:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA
[2011.09.25 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.10.27 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.04.27 22:02:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ShellfireVPN
[2011.09.28 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy
[2012.09.02 23:56:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.07.03 09:32:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2011.10.27 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2012.08.04 04:10:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.02.24 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.27 15:13:22 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\***\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2012.05.25 16:28:02 | 008,535,664 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7094_8623.exe
[2012.05.25 16:30:02 | 007,482,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7094_8623.exe
[2012.05.25 16:25:41 | 012,522,584 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8623.exe
[2011.06.04 03:32:28 | 000,149,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2011.06.04 03:32:42 | 000,265,384 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperCompMgrInstaller.exe
[2011.06.04 03:32:24 | 000,530,296 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2011.06.04 03:31:08 | 000,335,496 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2011.06.04 03:18:12 | 000,225,816 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2011.06.04 03:32:46 | 000,051,360 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2012.04.15 22:06:05 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.08.16 02:51:56 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_112D608FD02CD87FDC7735.exe
[2012.08.16 02:51:56 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_30C8F0A9D59F1A9A11FFC4.exe
[2012.08.16 02:51:56 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_853F67D554F05449430E7E.exe
[2011.04.15 18:55:01 | 000,045,126 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_00A2B159EC25728DD0F170.exe
[2011.04.15 18:55:01 | 000,045,126 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_0F16B68AE7780754B68FFC.exe
[2011.04.15 18:55:01 | 000,045,126 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_6FEFF9B68218417F98F549.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 16:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 11:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 11:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 15:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 15:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 15:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 15:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 15:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 11:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 22:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 22:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 15:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 22:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 22:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 11:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 15:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 15:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 15:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 15:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 15:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 15:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 22:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 22:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 11:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 11:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 22:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 22:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 11:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 22:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 22:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 16:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 15:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 09:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 09:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >

< End of report >

--- --- ---

cosinus 07.09.2012 11:33

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
FF - user.js - File not found
O4 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001..\Run: []  File not found
O7 - HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell - "" = AutoRun
O33 - MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

puntaara 09.09.2012 04:27

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
HKEY_USERS\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-2791256138-4108016520-4061832491-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2791256138-4108016520-4061832491-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53d02919-c40c-11e1-b90e-0002787565a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53d02919-c40c-11e1-b90e-0002787565a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53d02919-c40c-11e1-b90e-0002787565a0}\ not found.
File F:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c24c42d-ea56-11df-aaa6-0002787565a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c24c42d-ea56-11df-aaa6-0002787565a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c24c42d-ea56-11df-aaa6-0002787565a0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe502f8a-e8d2-11df-af29-0002787565a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe502f8a-e8d2-11df-af29-0002787565a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe502f8a-e8d2-11df-af29-0002787565a0}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 129546129 bytes
->Temporary Internet Files folder emptied: 68782641 bytes
->Java cache emptied: 22718692 bytes
->FireFox cache emptied: 83375552 bytes
->Flash cache emptied: 57582 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 619520 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74560923 bytes
RecycleBin emptied: 12151197 bytes
 
Total Files Cleaned = 374,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.0 log created on 09092012_131736

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_******-PC$\2260 not found!
File\Folder C:\Windows\temp\hsperfdata_******-PC$\460 not found!
C:\Windows\temp\err_-7256246394272389755$1347146923054 moved successfully.
C:\Windows\temp\in_-7256246394272389755$1347146923054 moved successfully.
C:\Windows\temp\jna1968276155001218267.dll moved successfully.
C:\Windows\temp\jna7511334370877363505.dll moved successfully.
C:\Windows\temp\out_-7256246394272389755$1347146923054 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 10.09.2012 15:45

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

puntaara 11.09.2012 02:48

Here is the result of the TDSS scan:

Code:

11:42:09.0235 2928  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
11:42:10.0180 2928  ============================================================
11:42:10.0180 2928  Current date / time: 2012/09/11 11:42:10.0180
11:42:10.0181 2928  SystemInfo:
11:42:10.0181 2928 
11:42:10.0181 2928  OS Version: 6.1.7601 ServicePack: 1.0
11:42:10.0181 2928  Product type: Workstation
11:42:10.0181 2928  ComputerName: ******-PC
11:42:10.0181 2928  UserName: ***
11:42:10.0181 2928  Windows directory: C:\Windows
11:42:10.0182 2928  System windows directory: C:\Windows
11:42:10.0182 2928  Processor architecture: Intel x86
11:42:10.0182 2928  Number of processors: 2
11:42:10.0182 2928  Page size: 0x1000
11:42:10.0182 2928  Boot type: Normal boot
11:42:10.0182 2928  ============================================================
11:42:13.0161 2928  Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:42:13.0168 2928  ============================================================
11:42:13.0168 2928  \Device\Harddisk0\DR0:
11:42:13.0194 2928  MBR partitions:
11:42:13.0194 2928  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xB09E800
11:42:13.0194 2928  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC49F000, BlocksNum 0xAFFF800
11:42:13.0194 2928  ============================================================
11:42:13.0231 2928  C: <-> \Device\Harddisk0\DR0\Partition1
11:42:13.0282 2928  D: <-> \Device\Harddisk0\DR0\Partition2
11:42:13.0283 2928  ============================================================
11:42:13.0283 2928  Initialize success
11:42:13.0283 2928  ============================================================
11:42:32.0006 2776  ============================================================
11:42:32.0007 2776  Scan started
11:42:32.0007 2776  Mode: Manual; SigCheck; TDLFS;
11:42:32.0007 2776  ============================================================
11:42:34.0343 2776  ================ Scan system memory ========================
11:42:34.0343 2776  System memory - ok
11:42:34.0344 2776  ================ Scan services =============================
11:42:34.0722 2776  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:42:34.0900 2776  1394ohci - ok
11:42:34.0992 2776  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:42:35.0055 2776  ACPI - ok
11:42:35.0122 2776  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
11:42:35.0370 2776  AcpiPmi - ok
11:42:35.0729 2776  ADDMEM - ok
11:42:35.0912 2776  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:42:35.0946 2776  AdobeARMservice - ok
11:42:36.0070 2776  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
11:42:36.0190 2776  adp94xx - ok
11:42:36.0226 2776  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
11:42:36.0315 2776  adpahci - ok
11:42:36.0397 2776  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
11:42:36.0490 2776  adpu320 - ok
11:42:36.0583 2776  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
11:42:36.0757 2776  AeLookupSvc - ok
11:42:36.0945 2776  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
11:42:37.0081 2776  AFD - ok
11:42:37.0186 2776  [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
11:42:37.0286 2776  AgereModemAudio - ok
11:42:37.0469 2776  [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
11:42:37.0629 2776  AgereSoftModem - ok
11:42:37.0725 2776  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
11:42:37.0777 2776  agp440 - ok
11:42:37.0864 2776  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
11:42:37.0930 2776  aic78xx - ok
11:42:38.0068 2776  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
11:42:38.0257 2776  ALG - ok
11:42:38.0320 2776  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:42:38.0380 2776  aliide - ok
11:42:38.0408 2776  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:42:38.0475 2776  amdagp - ok
11:42:38.0502 2776  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
11:42:38.0595 2776  amdide - ok
11:42:38.0689 2776  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
11:42:38.0833 2776  AmdK8 - ok
11:42:38.0865 2776  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:42:39.0019 2776  AmdPPM - ok
11:42:39.0104 2776  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
11:42:39.0177 2776  amdsata - ok
11:42:39.0231 2776  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:42:39.0315 2776  amdsbs - ok
11:42:39.0365 2776  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
11:42:39.0399 2776  amdxata - ok
11:42:39.0521 2776  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
11:42:39.0997 2776  AppID - ok
11:42:40.0051 2776  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:42:40.0217 2776  AppIDSvc - ok
11:42:40.0357 2776  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
11:42:40.0461 2776  Appinfo - ok
11:42:40.0660 2776  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:42:40.0743 2776  Apple Mobile Device - ok
11:42:40.0871 2776  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt        C:\Windows\System32\appmgmts.dll
11:42:41.0040 2776  AppMgmt - ok
11:42:41.0147 2776  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
11:42:41.0210 2776  arc - ok
11:42:41.0283 2776  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:42:41.0381 2776  arcsas - ok
11:42:41.0421 2776  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:42:41.0777 2776  AsyncMac - ok
11:42:41.0821 2776  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
11:42:41.0836 2776  atapi - ok
11:42:41.0912 2776  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:42:41.0988 2776  AudioEndpointBuilder - ok
11:42:42.0001 2776  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:42:42.0034 2776  Audiosrv - ok
11:42:42.0106 2776  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:42:42.0225 2776  AxInstSV - ok
11:42:42.0301 2776  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
11:42:42.0372 2776  b06bdrv - ok
11:42:42.0417 2776  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
11:42:42.0450 2776  b57nd60x - ok
11:42:42.0507 2776  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:42:42.0580 2776  BDESVC - ok
11:42:42.0614 2776  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:42:42.0661 2776  Beep - ok
11:42:42.0743 2776  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
11:42:42.0836 2776  BFE - ok
11:42:43.0062 2776  [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx86.sys
11:42:43.0132 2776  BHDrvx86 - ok
11:42:43.0194 2776  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
11:42:43.0299 2776  BITS - ok
11:42:43.0316 2776  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:42:43.0353 2776  blbdrive - ok
11:42:43.0453 2776  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:42:43.0484 2776  Bonjour Service - ok
11:42:43.0506 2776  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:42:43.0571 2776  bowser - ok
11:42:43.0627 2776  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:42:43.0733 2776  BrFiltLo - ok
11:42:43.0757 2776  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:42:43.0819 2776  BrFiltUp - ok
11:42:43.0856 2776  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
11:42:43.0938 2776  Browser - ok
11:42:43.0986 2776  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
11:42:44.0060 2776  Brserid - ok
11:42:44.0075 2776  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:42:44.0095 2776  BrSerWdm - ok
11:42:44.0118 2776  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:42:44.0174 2776  BrUsbMdm - ok
11:42:44.0199 2776  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:42:44.0261 2776  BrUsbSer - ok
11:42:44.0319 2776  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
11:42:44.0425 2776  BthEnum - ok
11:42:44.0455 2776  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:42:44.0495 2776  BTHMODEM - ok
11:42:44.0534 2776  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:42:44.0589 2776  BthPan - ok
11:42:44.0655 2776  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
11:42:44.0731 2776  BTHPORT - ok
11:42:44.0799 2776  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
11:42:44.0865 2776  bthserv - ok
11:42:44.0892 2776  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:42:44.0928 2776  BTHUSB - ok
11:42:45.0026 2776  [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
11:42:45.0059 2776  btwaudio - ok
11:42:45.0091 2776  [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt        C:\Windows\system32\DRIVERS\btwavdt.sys
11:42:45.0105 2776  btwavdt - ok
11:42:45.0127 2776  [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
11:42:45.0139 2776  btwrchid - ok
11:42:45.0246 2776  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS      C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys
11:42:45.0279 2776  ccSet_NIS - ok
11:42:45.0296 2776  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:42:45.0348 2776  cdfs - ok
11:42:45.0431 2776  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
11:42:45.0492 2776  cdrom - ok
11:42:45.0544 2776  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
11:42:45.0611 2776  CertPropSvc - ok
11:42:45.0811 2776  [ 3D23B88A78A22DD32895FC8E2ACDA244 ] CGVPNCliSrvc    C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
11:42:45.0918 2776  CGVPNCliSrvc - ok
11:42:45.0986 2776  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:42:46.0034 2776  circlass - ok
11:42:46.0085 2776  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
11:42:46.0111 2776  CLFS - ok
11:42:46.0244 2776  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:42:46.0276 2776  clr_optimization_v2.0.50727_32 - ok
11:42:46.0411 2776  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:42:46.0447 2776  clr_optimization_v4.0.30319_32 - ok
11:42:46.0481 2776  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:42:46.0498 2776  CmBatt - ok
11:42:46.0519 2776  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:42:46.0535 2776  cmdide - ok
11:42:46.0584 2776  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\Windows\system32\Drivers\cng.sys
11:42:46.0615 2776  CNG - ok
11:42:46.0654 2776  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:42:46.0688 2776  Compbatt - ok
11:42:46.0749 2776  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:42:46.0768 2776  CompositeBus - ok
11:42:46.0783 2776  COMSysApp - ok
11:42:46.0877 2776  [ F4FD82F5D6617A45CC3C4B9D4E7DF2C0 ] CPUCooLServer  C:\Program Files\CPUCooL\CooLSrv.exe
11:42:46.0906 2776  CPUCooLServer ( UnsignedFile.Multi.Generic ) - warning
11:42:46.0906 2776  CPUCooLServer - detected UnsignedFile.Multi.Generic (1)
11:42:46.0948 2776  cpuz132 - ok
11:42:46.0995 2776  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
11:42:47.0011 2776  crcdisk - ok
11:42:47.0064 2776  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:42:47.0115 2776  CryptSvc - ok
11:42:47.0178 2776  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC            C:\Windows\system32\drivers\csc.sys
11:42:47.0258 2776  CSC - ok
11:42:47.0320 2776  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
11:42:47.0384 2776  CscService - ok
11:42:47.0416 2776  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:42:47.0477 2776  DcomLaunch - ok
11:42:47.0520 2776  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
11:42:47.0577 2776  defragsvc - ok
11:42:47.0646 2776  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:42:47.0719 2776  DfsC - ok
11:42:47.0821 2776  [ 7F19DBA1A467B838CCB23124A2C55568 ] DgiVecp        C:\Windows\system32\Drivers\DgiVecp.sys
11:42:47.0848 2776  DgiVecp ( UnsignedFile.Multi.Generic ) - warning
11:42:47.0848 2776  DgiVecp - detected UnsignedFile.Multi.Generic (1)
11:42:47.0907 2776  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:42:47.0958 2776  Dhcp - ok
11:42:47.0992 2776  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
11:42:48.0053 2776  discache - ok
11:42:48.0095 2776  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:42:48.0112 2776  Disk - ok
11:42:48.0188 2776  [ F6010162368D9BEF934F1647F2430446 ] DiskSec        C:\Windows\system32\drivers\DiskSec.sys
11:42:48.0220 2776  DiskSec ( UnsignedFile.Multi.Generic ) - warning
11:42:48.0220 2776  DiskSec - detected UnsignedFile.Multi.Generic (1)
11:42:48.0262 2776  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:42:48.0315 2776  Dnscache - ok
11:42:48.0366 2776  [ 8A4CB9438571814B128B6DC30D698064 ] DOSMEMIO        C:\Windows\system32\MEMIO.SYS
11:42:48.0402 2776  DOSMEMIO ( UnsignedFile.Multi.Generic ) - warning
11:42:48.0402 2776  DOSMEMIO - detected UnsignedFile.Multi.Generic (1)
11:42:48.0451 2776  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
11:42:48.0517 2776  dot3svc - ok
11:42:48.0563 2776  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
11:42:48.0619 2776  DPS - ok
11:42:48.0691 2776  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
11:42:48.0722 2776  drmkaud - ok
11:42:48.0769 2776  [ B2C3F71B86E25C3DF78339DDB40A7562 ] dsNcAdpt        C:\Windows\system32\DRIVERS\dsNcAdpt.sys
11:42:48.0825 2776  dsNcAdpt - ok
11:42:48.0895 2776  [ 60AE3D932BC594FF9CDC91F7CD2C2015 ] dsNcService    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
11:42:48.0946 2776  dsNcService - ok
11:42:49.0021 2776  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
11:42:49.0067 2776  DXGKrnl - ok
11:42:49.0129 2776  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
11:42:49.0209 2776  EapHost - ok
11:42:49.0387 2776  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
11:42:49.0504 2776  ebdrv - ok
11:42:49.0616 2776  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:42:49.0659 2776  eeCtrl - ok
11:42:49.0698 2776  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
11:42:49.0765 2776  EFS - ok
11:42:49.0863 2776  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
11:42:49.0954 2776  ehRecvr - ok
11:42:49.0994 2776  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
11:42:50.0055 2776  ehSched - ok
11:42:50.0137 2776  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
11:42:50.0179 2776  elxstor - ok
11:42:50.0286 2776  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:42:50.0319 2776  EraserUtilRebootDrv - ok
11:42:50.0375 2776  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:42:50.0420 2776  ErrDev - ok
11:42:50.0491 2776  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
11:42:50.0563 2776  EventSystem - ok
11:42:50.0689 2776  [ F98BBFDC4BACCC8ECB8839A11B4DF1AF ] EvtEng          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
11:42:50.0742 2776  EvtEng ( UnsignedFile.Multi.Generic ) - warning
11:42:50.0742 2776  EvtEng - detected UnsignedFile.Multi.Generic (1)
11:42:50.0818 2776  [ 82E7EB9F12321052CD9A904B13724EE2 ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
11:42:50.0915 2776  ewusbnet - ok
11:42:50.0940 2776  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
11:42:50.0986 2776  exfat - ok
11:42:51.0008 2776  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
11:42:51.0058 2776  fastfat - ok
11:42:51.0134 2776  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
11:42:51.0197 2776  Fax - ok
11:42:51.0238 2776  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
11:42:51.0280 2776  fdc - ok
11:42:51.0320 2776  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
11:42:51.0377 2776  fdPHost - ok
11:42:51.0396 2776  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
11:42:51.0448 2776  FDResPub - ok
11:42:51.0471 2776  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:42:51.0492 2776  FileInfo - ok
11:42:51.0518 2776  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
11:42:51.0558 2776  Filetrace - ok
11:42:51.0571 2776  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:42:51.0611 2776  flpydisk - ok
11:42:51.0661 2776  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:42:51.0700 2776  FltMgr - ok
11:42:51.0773 2776  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache      C:\Windows\system32\FntCache.dll
11:42:51.0861 2776  FontCache - ok
11:42:51.0956 2776  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:42:51.0993 2776  FontCache3.0.0.0 - ok
11:42:52.0020 2776  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
11:42:52.0037 2776  FsDepends - ok
11:42:52.0074 2776  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:42:52.0090 2776  Fs_Rec - ok
11:42:52.0143 2776  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:42:52.0184 2776  fvevol - ok
11:42:52.0238 2776  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:42:52.0271 2776  gagp30kx - ok
11:42:52.0337 2776  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
11:42:52.0406 2776  gpsvc - ok
11:42:52.0423 2776  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:42:52.0464 2776  hcw85cir - ok
11:42:52.0555 2776  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:42:52.0603 2776  HdAudAddService - ok
11:42:52.0637 2776  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:42:52.0674 2776  HDAudBus - ok
11:42:52.0723 2776  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
11:42:52.0767 2776  HidBatt - ok
11:42:52.0795 2776  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:42:52.0834 2776  HidBth - ok
11:42:52.0866 2776  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
11:42:52.0897 2776  HidIr - ok
11:42:52.0942 2776  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
11:42:52.0984 2776  hidserv - ok
11:42:53.0056 2776  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:42:53.0087 2776  HidUsb - ok
11:42:53.0142 2776  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:42:53.0219 2776  hkmsvc - ok
11:42:53.0259 2776  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:42:53.0333 2776  HomeGroupListener - ok
11:42:53.0391 2776  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:42:53.0467 2776  HomeGroupProvider - ok
11:42:53.0536 2776  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:42:53.0566 2776  HpSAMD - ok
11:42:53.0648 2776  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:42:53.0707 2776  HTTP - ok
11:42:53.0770 2776  [ 348C3A9D01E68A0222A246346924AA55 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
11:42:53.0833 2776  hwdatacard - ok
11:42:53.0889 2776  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:42:53.0904 2776  hwpolicy - ok
11:42:53.0973 2776  [ 460B1945C3E6B0419A76E1B507B90B71 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
11:42:54.0056 2776  hwusbdev - ok
11:42:54.0131 2776  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:42:54.0183 2776  i8042prt - ok
11:42:54.0246 2776  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
11:42:54.0281 2776  iaStorV - ok
11:42:54.0402 2776  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:42:54.0441 2776  IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:42:54.0441 2776  IDriverT - detected UnsignedFile.Multi.Generic (1)
11:42:54.0538 2776  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:42:54.0591 2776  idsvc - ok
11:42:54.0700 2776  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120908.001\IDSvix86.sys
11:42:54.0727 2776  IDSVix86 - ok
11:42:54.0780 2776  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
11:42:54.0796 2776  iirsp - ok
11:42:54.0864 2776  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:42:54.0943 2776  IKEEXT - ok
11:42:55.0174 2776  [ 0DBEF9CD5A2CD71240DD5AFCEE56D073 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
11:42:55.0380 2776  IntcAzAudAddService - ok
11:42:55.0431 2776  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:42:55.0462 2776  intelide - ok
11:42:55.0513 2776  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:42:55.0563 2776  intelppm - ok
11:42:55.0629 2776  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
11:42:55.0672 2776  IPBusEnum - ok
11:42:55.0689 2776  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:42:55.0734 2776  IpFilterDriver - ok
11:42:55.0867 2776  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:42:55.0927 2776  iphlpsvc - ok
11:42:55.0986 2776  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
11:42:56.0040 2776  IPMIDRV - ok
11:42:56.0060 2776  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
11:42:56.0111 2776  IPNAT - ok
11:42:56.0173 2776  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:42:56.0265 2776  IRENUM - ok
11:42:56.0292 2776  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:42:56.0312 2776  isapnp - ok
11:42:56.0353 2776  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:42:56.0389 2776  iScsiPrt - ok
11:42:56.0434 2776  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:42:56.0455 2776  kbdclass - ok
11:42:56.0509 2776  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:42:56.0560 2776  kbdhid - ok
11:42:56.0583 2776  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
11:42:56.0610 2776  KeyIso - ok
11:42:56.0667 2776  [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO      C:\Windows\system32\DRIVERS\kmdfmemio.sys
11:42:56.0726 2776  KMDFMEMIO - ok
11:42:56.0773 2776  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:42:56.0794 2776  KSecDD - ok
11:42:56.0835 2776  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
11:42:56.0872 2776  KSecPkg - ok
11:42:56.0930 2776  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
11:42:57.0009 2776  KtmRm - ok
11:42:57.0057 2776  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:42:57.0091 2776  LanmanServer - ok
11:42:57.0104 2776  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:42:57.0161 2776  LanmanWorkstation - ok
11:42:57.0234 2776  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:42:57.0308 2776  lltdio - ok
11:42:57.0349 2776  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
11:42:57.0407 2776  lltdsvc - ok
11:42:57.0426 2776  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
11:42:57.0469 2776  lmhosts - ok
11:42:57.0513 2776  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:42:57.0531 2776  LSI_FC - ok
11:42:57.0548 2776  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
11:42:57.0566 2776  LSI_SAS - ok
11:42:57.0628 2776  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:42:57.0646 2776  LSI_SAS2 - ok
11:42:57.0670 2776  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:42:57.0688 2776  LSI_SCSI - ok
11:42:57.0703 2776  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
11:42:57.0736 2776  luafv - ok
11:42:57.0809 2776  [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
11:42:57.0834 2776  MBAMProtector - ok
11:42:57.0904 2776  [ 43683E970F008C93C9429EF428147A54 ] MBAMService    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:42:57.0933 2776  MBAMService - ok
11:42:57.0983 2776  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
11:42:58.0018 2776  Mcx2Svc - ok
11:42:58.0135 2776  [ 11F714F85530A2BD134074DC30E99FCA ] MDM            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:42:58.0162 2776  MDM - ok
11:42:58.0212 2776  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
11:42:58.0247 2776  megasas - ok
11:42:58.0290 2776  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:42:58.0330 2776  MegaSR - ok
11:42:58.0367 2776  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
11:42:58.0416 2776  MMCSS - ok
11:42:58.0438 2776  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
11:42:58.0468 2776  Modem - ok
11:42:58.0495 2776  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
11:42:58.0535 2776  monitor - ok
11:42:58.0566 2776  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:42:58.0582 2776  mouclass - ok
11:42:58.0644 2776  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:42:58.0695 2776  mouhid - ok
11:42:58.0739 2776  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:42:58.0767 2776  mountmgr - ok
11:42:58.0876 2776  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:42:58.0895 2776  MozillaMaintenance - ok
11:42:58.0909 2776  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:42:58.0928 2776  mpio - ok
11:42:58.0948 2776  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:42:59.0035 2776  mpsdrv - ok
11:42:59.0102 2776  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:42:59.0192 2776  MpsSvc - ok
11:42:59.0227 2776  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:42:59.0266 2776  MRxDAV - ok
11:42:59.0303 2776  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:42:59.0353 2776  mrxsmb - ok
11:42:59.0399 2776  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:42:59.0441 2776  mrxsmb10 - ok
11:42:59.0469 2776  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:42:59.0499 2776  mrxsmb20 - ok
11:42:59.0513 2776  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
11:42:59.0528 2776  msahci - ok
11:42:59.0583 2776  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
11:42:59.0619 2776  msdsm - ok
11:42:59.0665 2776  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
11:42:59.0699 2776  MSDTC - ok
11:42:59.0752 2776  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:42:59.0783 2776  Msfs - ok
11:42:59.0794 2776  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
11:42:59.0825 2776  mshidkmdf - ok
11:42:59.0862 2776  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:42:59.0878 2776  msisadrv - ok
11:42:59.0951 2776  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
11:43:00.0022 2776  MSiSCSI - ok
11:43:00.0026 2776  msiserver - ok
11:43:00.0060 2776  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
11:43:00.0102 2776  MSKSSRV - ok
11:43:00.0121 2776  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:43:00.0167 2776  MSPCLOCK - ok
11:43:00.0188 2776  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
11:43:00.0219 2776  MSPQM - ok
11:43:00.0260 2776  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
11:43:00.0280 2776  MsRPC - ok
11:43:00.0318 2776  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:43:00.0333 2776  mssmbios - ok
11:43:00.0339 2776  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
11:43:00.0371 2776  MSTEE - ok
11:43:00.0395 2776  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:43:00.0449 2776  MTConfig - ok
11:43:00.0484 2776  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
11:43:00.0500 2776  Mup - ok
11:43:00.0545 2776  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
11:43:00.0597 2776  napagent - ok
11:43:00.0676 2776  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
11:43:00.0715 2776  NativeWifiP - ok
11:43:00.0804 2776  [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120910.018\NAVENG.SYS
11:43:00.0831 2776  NAVENG - ok
11:43:00.0917 2776  [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120910.018\NAVEX15.SYS
11:43:00.0961 2776  NAVEX15 - ok
11:43:01.0027 2776  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:43:01.0070 2776  NDIS - ok
11:43:01.0130 2776  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
11:43:01.0211 2776  NdisCap - ok
11:43:01.0232 2776  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:43:01.0277 2776  NdisTapi - ok
11:43:01.0335 2776  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
11:43:01.0395 2776  Ndisuio - ok
11:43:01.0437 2776  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
11:43:01.0480 2776  NdisWan - ok
11:43:01.0506 2776  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
11:43:01.0536 2776  NDProxy - ok
11:43:01.0587 2776  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:43:01.0618 2776  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:43:01.0618 2776  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:43:01.0692 2776  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
11:43:01.0755 2776  NetBIOS - ok
11:43:01.0814 2776  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
11:43:01.0891 2776  NetBT - ok
11:43:01.0913 2776  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
11:43:01.0930 2776  Netlogon - ok
11:43:02.0001 2776  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
11:43:02.0080 2776  Netman - ok
11:43:02.0115 2776  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
11:43:02.0174 2776  netprofm - ok
11:43:02.0217 2776  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:43:02.0234 2776  NetTcpPortSharing - ok
11:43:02.0356 2776  [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
11:43:02.0461 2776  NETw4v32 - ok
11:43:02.0657 2776  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
11:43:02.0908 2776  netw5v32 - ok
11:43:02.0974 2776  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
11:43:02.0992 2776  nfrd960 - ok
11:43:03.0078 2776  [ F2840DBFE9322F35557219AE82CC4597 ] NIS            C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
11:43:03.0092 2776  NIS - ok
11:43:03.0147 2776  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:43:03.0216 2776  NlaSvc - ok
11:43:03.0401 2776  [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd          C:\Windows\system32\drivers\ccdcmb.sys
11:43:03.0482 2776  nmwcd - ok
11:43:03.0535 2776  [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
11:43:03.0595 2776  nmwcdc - ok
11:43:03.0641 2776  [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu        C:\Windows\system32\drivers\nmwcdnsu.sys
11:43:03.0716 2776  nmwcdnsu - ok
11:43:03.0771 2776  [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc      C:\Windows\system32\drivers\nmwcdnsuc.sys
11:43:03.0809 2776  nmwcdnsuc - ok
11:43:03.0854 2776  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:43:03.0907 2776  Npfs - ok
11:43:03.0951 2776  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
11:43:03.0984 2776  nsi - ok
11:43:03.0998 2776  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:43:04.0048 2776  nsiproxy - ok
11:43:04.0131 2776  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:43:04.0187 2776  Ntfs - ok
11:43:04.0255 2776  [ 5850C28057DDEA04390B88F8CC482504 ] ntiopnp        C:\Windows\system32\drivers\ntiopnp.sys
11:43:04.0292 2776  ntiopnp - ok
11:43:04.0342 2776  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
11:43:04.0418 2776  Null - ok
11:43:04.0836 2776  [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:43:05.0350 2776  nvlddmkm - ok
11:43:05.0371 2776  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:43:05.0390 2776  nvraid - ok
11:43:05.0422 2776  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:43:05.0442 2776  nvstor - ok
11:43:05.0541 2776  [ 782945716AD010AC3D41758E8E52C735 ] nvsvc          C:\Windows\system32\nvvsvc.exe
11:43:05.0580 2776  nvsvc - ok
11:43:05.0633 2776  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:43:05.0666 2776  nv_agp - ok
11:43:05.0738 2776  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:43:05.0773 2776  odserv - ok
11:43:05.0819 2776  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:43:05.0860 2776  ohci1394 - ok
11:43:05.0908 2776  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:43:05.0925 2776  ose - ok
11:43:06.0170 2776  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:43:06.0475 2776  osppsvc - ok
11:43:06.0554 2776  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:43:06.0639 2776  p2pimsvc - ok
11:43:06.0670 2776  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:43:06.0713 2776  p2psvc - ok
11:43:06.0760 2776  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
11:43:06.0834 2776  Parport - ok
11:43:06.0877 2776  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
11:43:06.0911 2776  partmgr - ok
11:43:06.0936 2776  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
11:43:06.0968 2776  Parvdm - ok
11:43:07.0021 2776  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:43:07.0043 2776  PcaSvc - ok
11:43:07.0136 2776  [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
11:43:07.0177 2776  pccsmcfd - ok
11:43:07.0226 2776  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\Windows\system32\drivers\pci.sys
11:43:07.0251 2776  pci - ok
11:43:07.0266 2776  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
11:43:07.0283 2776  pciide - ok
11:43:07.0348 2776  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:43:07.0381 2776  pcmcia - ok
11:43:07.0407 2776  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
11:43:07.0424 2776  pcw - ok
11:43:07.0461 2776  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:43:07.0523 2776  PEAUTH - ok
11:43:07.0606 2776  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
11:43:07.0694 2776  PeerDistSvc - ok
11:43:07.0808 2776  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\Windows\system32\pla.dll
11:43:07.0929 2776  pla - ok
11:43:07.0983 2776  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:43:08.0049 2776  PlugPlay - ok
11:43:08.0075 2776  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:43:08.0104 2776  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:43:08.0104 2776  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:43:08.0147 2776  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
11:43:08.0196 2776  PNRPAutoReg - ok
11:43:08.0225 2776  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
11:43:08.0245 2776  PNRPsvc - ok
11:43:08.0310 2776  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
11:43:08.0381 2776  PolicyAgent - ok
11:43:08.0484 2776  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\Windows\system32\umpo.dll
11:43:08.0533 2776  Power - ok
11:43:08.0594 2776  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:43:08.0682 2776  PptpMiniport - ok
11:43:08.0735 2776  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
11:43:08.0793 2776  Processor - ok
11:43:08.0845 2776  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc        C:\Windows\system32\profsvc.dll
11:43:08.0894 2776  ProfSvc - ok
11:43:08.0912 2776  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:43:08.0930 2776  ProtectedStorage - ok
11:43:08.0958 2776  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:43:08.0990 2776  Psched - ok
11:43:09.0057 2776  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:43:09.0120 2776  ql2300 - ok
11:43:09.0160 2776  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:43:09.0193 2776  ql40xx - ok
11:43:09.0253 2776  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
11:43:09.0317 2776  QWAVE - ok
11:43:09.0342 2776  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:43:09.0366 2776  QWAVEdrv - ok
11:43:09.0383 2776  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:43:09.0422 2776  RasAcd - ok
11:43:09.0478 2776  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
11:43:09.0532 2776  RasAgileVpn - ok
11:43:09.0564 2776  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
11:43:09.0598 2776  RasAuto - ok
11:43:09.0656 2776  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
11:43:09.0725 2776  Rasl2tp - ok
11:43:09.0807 2776  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
11:43:09.0878 2776  RasMan - ok
11:43:09.0910 2776  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:43:09.0954 2776  RasPppoe - ok
11:43:09.0974 2776  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
11:43:10.0024 2776  RasSstp - ok
11:43:10.0076 2776  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
11:43:10.0141 2776  rdbss - ok
11:43:10.0191 2776  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:43:10.0227 2776  rdpbus - ok
11:43:10.0279 2776  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:43:10.0351 2776  RDPCDD - ok
11:43:10.0393 2776  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
11:43:10.0426 2776  RDPDR - ok
11:43:10.0453 2776  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:43:10.0501 2776  RDPENCDD - ok
11:43:10.0522 2776  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:43:10.0559 2776  RDPREFMP - ok
11:43:10.0595 2776  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
11:43:10.0658 2776  RDPWD - ok
11:43:10.0710 2776  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:43:10.0742 2776  rdyboost - ok
11:43:10.0800 2776  [ 796D6727F09AC61536EFB90DF68F5132 ] RegSrvc        C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
11:43:10.0822 2776  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
11:43:10.0823 2776  RegSrvc - detected UnsignedFile.Multi.Generic (1)
11:43:10.0875 2776  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:43:10.0936 2776  RemoteAccess - ok
11:43:10.0985 2776  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:43:11.0038 2776  RemoteRegistry - ok
11:43:11.0108 2776  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:43:11.0156 2776  RFCOMM - ok
11:43:11.0203 2776  [ B39F1BD472E4992382875BAF0B645C6D ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
11:43:11.0252 2776  rimmptsk - ok
11:43:11.0272 2776  [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
11:43:11.0294 2776  rimsptsk - ok
11:43:11.0327 2776  [ C663AF77E2F4EABF8EB08B388D2F1F36 ] rismxdp        C:\Windows\system32\DRIVERS\rixdptsk.sys
11:43:11.0360 2776  rismxdp - ok
11:43:11.0405 2776  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:43:11.0472 2776  RpcEptMapper - ok
11:43:11.0506 2776  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
11:43:11.0532 2776  RpcLocator - ok
11:43:11.0558 2776  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\Windows\system32\rpcss.dll
11:43:11.0592 2776  RpcSs - ok
11:43:11.0661 2776  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:43:11.0733 2776  rspndr - ok
11:43:11.0784 2776  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
11:43:11.0850 2776  s3cap - ok
11:43:11.0869 2776  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\Windows\system32\lsass.exe
11:43:11.0885 2776  SamSs - ok
11:43:11.0968 2776  [ 4BFB51CDB25D4D4B9E8FCCAB635F262E ] Samsung Update Plus C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
11:43:12.0006 2776  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning
11:43:12.0006 2776  Samsung Update Plus - detected UnsignedFile.Multi.Generic (1)
11:43:12.0059 2776  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:43:12.0098 2776  sbp2port - ok
11:43:12.0238 2776  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
11:43:12.0288 2776  SBSDWSCService - ok
11:43:12.0344 2776  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:43:12.0395 2776  SCardSvr - ok
11:43:12.0414 2776  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:43:12.0459 2776  scfilter - ok
11:43:12.0531 2776  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
11:43:12.0615 2776  Schedule - ok
11:43:12.0658 2776  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\Windows\System32\certprop.dll
11:43:12.0687 2776  SCPolicySvc - ok
11:43:12.0747 2776  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus          C:\Windows\system32\drivers\sdbus.sys
11:43:12.0782 2776  sdbus - ok
11:43:12.0825 2776  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:43:12.0901 2776  SDRSVC - ok
11:43:12.0940 2776  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:43:12.0990 2776  secdrv - ok
11:43:13.0035 2776  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
11:43:13.0099 2776  seclogon - ok
11:43:13.0137 2776  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
11:43:13.0193 2776  SENS - ok
11:43:13.0266 2776  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:43:13.0316 2776  SensrSvc - ok
11:43:13.0361 2776  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
11:43:13.0408 2776  Serenum - ok
11:43:13.0425 2776  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:43:13.0465 2776  Serial - ok
11:43:13.0527 2776  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:43:13.0631 2776  sermouse - ok
11:43:13.0850 2776  [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
11:43:13.0943 2776  ServiceLayer - ok
11:43:14.0001 2776  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:43:14.0046 2776  SessionEnv - ok
11:43:14.0096 2776  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
11:43:14.0170 2776  sffdisk - ok
11:43:14.0189 2776  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:43:14.0234 2776  sffp_mmc - ok
11:43:14.0257 2776  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
11:43:14.0293 2776  sffp_sd - ok
11:43:14.0325 2776  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
11:43:14.0381 2776  sfloppy - ok
11:43:14.0443 2776  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:43:14.0513 2776  SharedAccess - ok
11:43:14.0623 2776  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:43:14.0692 2776  ShellHWDetection - ok
11:43:14.0741 2776  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
11:43:14.0776 2776  sisagp - ok
11:43:14.0848 2776  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:43:14.0865 2776  SiSRaid2 - ok
11:43:14.0904 2776  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:43:14.0922 2776  SiSRaid4 - ok
11:43:15.0158 2776  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:43:15.0266 2776  Skype C2C Service - ok
11:43:15.0325 2776  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
11:43:15.0351 2776  SkypeUpdate - ok
11:43:15.0391 2776  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
11:43:15.0437 2776  Smb - ok
11:43:15.0500 2776  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:43:15.0536 2776  SNMPTRAP - ok
11:43:15.0587 2776  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
11:43:15.0616 2776  spldr - ok
11:43:15.0663 2776  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler        C:\Windows\System32\spoolsv.exe
11:43:15.0698 2776  Spooler - ok
11:43:15.0835 2776  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
11:43:15.0959 2776  sppsvc - ok
11:43:15.0999 2776  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
11:43:16.0077 2776  sppuinotify - ok
11:43:16.0184 2776  [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP          C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS
11:43:16.0224 2776  SRTSP - ok
11:43:16.0261 2776  [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX          C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS
11:43:16.0274 2776  SRTSPX - ok
11:43:16.0311 2776  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\Windows\system32\DRIVERS\srv.sys
11:43:16.0385 2776  srv - ok
11:43:16.0418 2776  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:43:16.0467 2776  srv2 - ok
11:43:16.0500 2776  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:43:16.0518 2776  srvnet - ok
11:43:16.0576 2776  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
11:43:16.0647 2776  SSDPSRV - ok
11:43:16.0732 2776  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
11:43:16.0751 2776  SSPORT ( UnsignedFile.Multi.Generic ) - warning
11:43:16.0752 2776  SSPORT - detected UnsignedFile.Multi.Generic (1)
11:43:16.0775 2776  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
11:43:16.0820 2776  SstpSvc - ok
11:43:16.0859 2776  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:43:16.0875 2776  stexstor - ok
11:43:16.0944 2776  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
11:43:16.0998 2776  StiSvc - ok
11:43:17.0025 2776  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
11:43:17.0041 2776  storflt - ok
11:43:17.0092 2776  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc        C:\Windows\system32\storsvc.dll
11:43:17.0138 2776  StorSvc - ok
11:43:17.0177 2776  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
11:43:17.0200 2776  storvsc - ok
11:43:17.0215 2776  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:43:17.0231 2776  swenum - ok
11:43:17.0286 2776  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
11:43:17.0325 2776  swprv - ok
11:43:17.0376 2776  [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS          C:\Windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS
11:43:17.0412 2776  SymDS - ok
11:43:17.0469 2776  [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA          C:\Windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS
11:43:17.0520 2776  SymEFA - ok
11:43:17.0594 2776  [ 555FB450FE6908600310E990738B41D6 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
11:43:17.0623 2776  SymEvent - ok
11:43:17.0641 2776  [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON        C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS
11:43:17.0659 2776  SymIRON - ok
11:43:17.0707 2776  [ 3EE215D6FE821E3EDF0F7134D9AE905A ] SymNetS        C:\Windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS
11:43:17.0731 2776  SymNetS - ok
11:43:17.0786 2776  [ 094B872D466C6CC60CBDF12EC6FAEFAF ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
11:43:17.0805 2776  SynTP - ok
11:43:17.0886 2776  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
11:43:17.0952 2776  SysMain - ok
11:43:17.0991 2776  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:43:18.0013 2776  TabletInputService - ok
11:43:18.0046 2776  [ 98A1E6BC9F766B0B0A5BF00AF847EF20 ] tap0901        C:\Windows\system32\DRIVERS\tap0901.sys
11:43:18.0121 2776  tap0901 - ok
11:43:18.0176 2776  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
11:43:18.0228 2776  TapiSrv - ok
11:43:18.0271 2776  [ 827C8058C284FF0013E4462EFE2591A3 ] tapoas          C:\Windows\system32\DRIVERS\tapoas.sys
11:43:18.0292 2776  tapoas - ok
11:43:18.0345 2776  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
11:43:18.0420 2776  TBS - ok
11:43:18.0498 2776  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
11:43:18.0569 2776  Tcpip - ok
11:43:18.0606 2776  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:43:18.0641 2776  TCPIP6 - ok
11:43:18.0691 2776  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:43:18.0745 2776  tcpipreg - ok
11:43:18.0791 2776  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:43:18.0858 2776  TDPIPE - ok
11:43:18.0891 2776  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
11:43:18.0908 2776  TDTCP - ok
11:43:18.0946 2776  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
11:43:19.0067 2776  tdx - ok
11:43:19.0097 2776  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:43:19.0150 2776  TermDD - ok
11:43:19.0285 2776  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
11:43:19.0361 2776  TermService - ok
11:43:19.0391 2776  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
11:43:19.0412 2776  Themes - ok
11:43:19.0425 2776  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
11:43:19.0457 2776  THREADORDER - ok
11:43:19.0482 2776  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
11:43:19.0536 2776  TrkWks - ok
11:43:19.0619 2776  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:43:19.0688 2776  TrustedInstaller - ok
11:43:19.0707 2776  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:43:19.0749 2776  tssecsrv - ok
11:43:19.0836 2776  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:43:19.0904 2776  TsUsbFlt - ok
11:43:19.0981 2776  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:43:20.0052 2776  tunnel - ok
11:43:20.0087 2776  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:43:20.0103 2776  uagp35 - ok
11:43:20.0152 2776  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:43:20.0220 2776  udfs - ok
11:43:20.0272 2776  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
11:43:20.0322 2776  UI0Detect - ok
11:43:20.0352 2776  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:43:20.0369 2776  uliagpkx - ok
11:43:20.0428 2776  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
11:43:20.0458 2776  umbus - ok
11:43:20.0515 2776  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:43:20.0560 2776  UmPass - ok
11:43:20.0614 2776  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
11:43:20.0660 2776  UmRdpService - ok
11:43:20.0715 2776  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
11:43:20.0772 2776  upnphost - ok
11:43:20.0832 2776  [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
11:43:20.0863 2776  upperdev - ok
11:43:20.0886 2776  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
11:43:20.0950 2776  usbccgp - ok
11:43:21.0003 2776  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:43:21.0047 2776  usbcir - ok
11:43:21.0076 2776  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
11:43:21.0092 2776  usbehci - ok
11:43:21.0133 2776  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:43:27.0784 2776  ================ Scan global ===============================
11:43:27.0835 2776  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
11:43:27.0889 2776  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
11:43:27.0904 2776  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
11:43:27.0947 2776  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
11:43:28.0002 2776  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
11:43:28.0012 2776  [Global] - ok
11:43:28.0013 2776  ================ Scan MBR ==================================
11:43:28.0033 2776  [ C31400769DEFC61154F08815BCB5E020 ] \Device\Harddisk0\DR0
11:43:28.0549 2776  \Device\Harddisk0\DR0 - ok
11:43:28.0550 2776  ================ Scan VBR ==================================
11:43:28.0557 2776  [ 465710F0D7AF1AB834D757B28275C005 ] \Device\Harddisk0\DR0\Partition1
11:43:28.0561 2776  \Device\Harddisk0\DR0\Partition1 - ok
11:43:28.0588 2776  [ DB4DED86AA6E4EA9F8F2A5F9D13F6010 ] \Device\Harddisk0\DR0\Partition2
11:43:28.0590 2776  \Device\Harddisk0\DR0\Partition2 - ok
11:43:28.0593 2776  ============================================================
11:43:28.0593 2776  Scan finished
11:43:28.0593 2776  ============================================================
11:43:28.0606 4492  Detected object count: 11
11:43:28.0606 4492  Actual detected object count: 11
11:44:02.0989 4492  CPUCooLServer ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0989 4492  CPUCooLServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:02.0990 4492  DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0990 4492  DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:02.0990 4492  DiskSec ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0990 4492  DiskSec ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:02.0991 4492  DOSMEMIO ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0991 4492  DOSMEMIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:02.0994 4492  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0994 4492  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:02.0996 4492  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0996 4492  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:02.0997 4492  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0997 4492  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:02.0998 4492  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:02.0998 4492  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:03.0000 4492  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:03.0000 4492  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:03.0002 4492  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:03.0002 4492  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:03.0006 4492  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:03.0006 4492  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 11.09.2012 15:46

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

puntaara 12.09.2012 03:17

Here is the ComboFix log:

Code:

ComboFix 12-09-11.02 - *** 12.09.2012  11:45:52.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2046.1181 [GMT 10:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Norton Internet Security Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\***\4.0
c:\windows\TEMP\jna3415689090984947409.dll
c:\windows\TEMP\jna738982221704005020.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-12 bis 2012-09-12  ))))))))))))))))))))))))))))))
.
.
2012-09-12 01:57 . 2012-09-12 01:57        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-10 13:22 . 2012-09-10 13:22        --------        d-----w-        c:\program files\QuickTime
2012-09-09 22:39 . 2012-09-09 22:40        --------        d-----w-        c:\users\***\AppData\Roaming\hdbADS
2012-09-09 13:53 . 2012-09-09 23:21        --------        d-----w-        c:\program files\phase5
2012-09-09 13:52 . 2012-09-09 13:52        --------        d-----w-        c:\users\***\AppData\Roaming\Systemberatung Schommer
2012-09-09 03:17 . 2012-09-09 03:17        --------        d-----w-        C:\_OTL
2012-08-31 10:40 . 2012-08-31 10:40        --------        d-----w-        c:\program files\ESET
2012-08-30 09:06 . 2012-08-30 09:06        --------        d-----w-        c:\users\***\AppData\Roaming\Nokia Suite
2012-08-30 08:22 . 2012-06-27 05:18        19072        ----a-w-        c:\windows\system32\drivers\pccsmcfd.sys
2012-08-30 08:22 . 2012-08-30 08:22        --------        d-----w-        c:\program files\PC Connectivity Solution
2012-08-28 01:04 . 2012-08-28 01:04        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-08-28 01:04 . 2012-07-03 03:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-24 00:47 . 2012-08-24 00:47        --------        d-----w-        c:\program files\Microsoft Analysis Services
2012-08-23 00:19 . 2012-05-15 09:28        2561344        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-08-23 00:19 . 2012-05-15 09:28        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-08-23 00:19 . 2012-05-15 09:28        62272        ----a-w-        c:\windows\system32\nvshext.dll
2012-08-23 00:19 . 2012-05-15 09:28        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-08-23 00:19 . 2012-05-15 09:28        3931456        ----a-w-        c:\windows\system32\nvcpl.dll
2012-08-23 00:19 . 2012-05-15 09:27        2759488        ----a-w-        c:\windows\system32\nvsvc.dll
2012-08-23 00:18 . 2012-05-15 10:26        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-08-23 00:18 . 2012-08-23 00:18        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-08-22 23:39 . 2012-05-15 10:26        883008        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-08-22 23:39 . 2012-05-15 10:26        8105280        ----a-w-        c:\windows\system32\nvwgf2um.dll
2012-08-22 23:39 . 2012-05-15 10:26        5982528        ----a-w-        c:\windows\system32\nvcuda.dll
2012-08-22 23:39 . 2012-05-15 10:26        2524992        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-08-22 23:39 . 2012-05-15 10:26        2445120        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-08-22 23:39 . 2012-05-15 10:26        2368832        ----a-w-        c:\windows\system32\nvapi.dll
2012-08-22 23:39 . 2012-05-15 10:26        19607872        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-08-22 23:39 . 2012-05-15 10:26        17551680        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-08-22 23:39 . 2012-05-15 10:26        15322432        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-08-22 23:39 . 2012-05-15 10:26        11354944        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-08-22 23:39 . 2012-05-15 10:26        1000768        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-08-15 16:51 . 2012-08-15 16:51        --------        d-----w-        c:\users\***\AppData\Local\e-academy Inc
2012-08-15 16:51 . 2012-08-15 16:51        --------        d-----w-        c:\users\***\AppData\Roaming\e-academy Inc
2012-08-15 00:56 . 2012-08-15 19:07        --------        d-----w-        c:\windows\system32\drivers\NIS\1308000.00E
2012-08-15 00:22 . 2012-07-06 19:23        393728        ----a-w-        c:\windows\system32\drivers\bthport.sys
2012-08-15 00:17 . 2012-02-11 05:37        317440        ----a-w-        c:\windows\system32\spoolsv.exe
2012-08-15 00:17 . 2012-05-05 07:46        400896        ----a-w-        c:\windows\system32\srcore.dll
2012-08-15 00:17 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\system32\browcli.dll
2012-08-15 00:17 . 2012-07-04 21:14        102912        ----a-w-        c:\windows\system32\browser.dll
2012-08-15 00:16 . 2012-05-14 04:33        769024        ----a-w-        c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 22:15 . 2012-04-05 01:32        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-26 22:15 . 2011-05-15 09:53        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-18 17:47 . 2012-08-15 00:17        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-07-05 12:06 . 2012-08-12 15:38        772544        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-07-05 12:06 . 2010-12-01 11:22        687544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-29 22:46 . 2012-08-09 12:02        81920        ----a-w-        c:\windows\system32\pdfcmon.dll
2012-06-29 00:09 . 2012-08-15 00:21        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-09-09 00:12 . 2012-09-09 00:12        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-27 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51        35768        ----a-w-        c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-25 16:08        2569616        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-08-22 23:11        206240        ----a-w-        c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 03:46        462920        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 03:46        973488        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54        4240760        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-08-05 11:01        220552        ----a-w-        c:\program files\PDF24\pdf24.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ADDMEM;ADDMEM;c:\users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 DiskSec;Magix Volume Filter Driver; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx86.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120911.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [x]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 ShellfireVPN2Service;ShellfireVPN2Service;c:\program files\ShellfireVPN\jre6\bin\java -classpath c:\program files\ShellfireVPN\ShellfireVPN2.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [x]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.spiegel.de/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-GMX SMS-Manager - c:\program files\GMX\GMX SMS-Manager\SMSMngr.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
AddRemove-vShare.tv plugin - c:\program files\vShare.tv plugin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellfireVPN2Service]
"ImagePath"="\"c:\program files\ShellfireVPN\jre6\bin\java\" \"-classpath\" \"c:\program files\ShellfireVPN\ShellfireVPN2.exe\" \"-Xrs\" \"-Dwrapper.service=true\" \"-Dwrapper.working.dir=c:\program files\ShellfireVPN\" \"-Dwrapper.config=c:\users\***\AppData\Roaming\ShellfireVPN\start.conf\" \"-Dwrapper.additional.1x=-Xrs\" \"-Dwrapper.stop.conf=c:\users\***\AppData\Roaming\ShellfireVPN\stop.conf\" \"org.rzo.yajsw.boot.WrapperServiceBooter\" "
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3428)
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CPUCooL\CooLSrv.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ShellfireVPN\jre6\bin\java.exe
c:\windows\system32\taskhost.exe
c:\program files\ShellfireVPN\jre6\bin\java.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-12  12:09:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-12 02:09
.
Vor Suchlauf: 18 Verzeichnis(se), 12.437.348.352 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 12.332.908.544 Bytes frei
.
- - End Of File - - 3F1ECDCC53E5ECA9E112E9815A58DEF8


cosinus 12.09.2012 13:03

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

Dirlook::
c:\users\***\AppData\Roaming\hdbADS

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad- and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

puntaara 12.09.2012 14:17

Code:

ComboFix 12-09-12.02 - *** 12.09.2012  22:50:19.2.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2046.1174 [GMT 10:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Norton Internet Security Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\jna7557053347092806763.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-12 bis 2012-09-12  ))))))))))))))))))))))))))))))
.
.
2012-09-12 13:01 . 2012-09-12 13:01        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-12 09:20 . 2012-09-12 09:20        --------        d-----w-        c:\users\***\AppData\Roaming\AnvSoft
2012-09-12 09:20 . 2012-09-12 09:20        --------        d-----w-        c:\program files\AnvSoft
2012-09-12 02:53 . 2012-09-12 02:53        --------        d-----w-        c:\program files\Common Files\Java
2012-09-12 02:52 . 2012-09-12 02:52        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-09-11 22:57 . 2012-08-22 17:16        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-11 22:57 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 22:57 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\rndismpx.sys
2012-09-11 22:57 . 2012-08-22 17:16        1292144        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-11 22:57 . 2012-08-22 17:16        240496        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-11 22:57 . 2012-08-22 17:16        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 22:56 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-10 13:22 . 2012-09-10 13:22        --------        d-----w-        c:\program files\QuickTime
2012-09-09 22:39 . 2012-09-09 22:40        --------        d-----w-        c:\users\***\AppData\Roaming\hdbADS
2012-09-09 13:53 . 2012-09-09 23:21        --------        d-----w-        c:\program files\phase5
2012-09-09 13:52 . 2012-09-09 13:52        --------        d-----w-        c:\users\***\AppData\Roaming\Systemberatung Schommer
2012-09-09 03:17 . 2012-09-09 03:17        --------        d-----w-        C:\_OTL
2012-08-31 10:40 . 2012-08-31 10:40        --------        d-----w-        c:\program files\ESET
2012-08-30 09:06 . 2012-08-30 09:06        --------        d-----w-        c:\users\***\AppData\Roaming\Nokia Suite
2012-08-30 08:22 . 2012-06-27 05:18        19072        ----a-w-        c:\windows\system32\drivers\pccsmcfd.sys
2012-08-30 08:22 . 2012-08-30 08:22        --------        d-----w-        c:\program files\PC Connectivity Solution
2012-08-28 01:04 . 2012-08-28 01:04        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-08-28 01:04 . 2012-07-03 03:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-24 00:47 . 2012-08-24 00:47        --------        d-----w-        c:\program files\Microsoft Analysis Services
2012-08-23 00:19 . 2012-05-15 09:28        2561344        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-08-23 00:19 . 2012-05-15 09:28        645440        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-08-23 00:19 . 2012-05-15 09:28        62272        ----a-w-        c:\windows\system32\nvshext.dll
2012-08-23 00:19 . 2012-05-15 09:28        108352        ----a-w-        c:\windows\system32\nvmctray.dll
2012-08-23 00:19 . 2012-05-15 09:28        3931456        ----a-w-        c:\windows\system32\nvcpl.dll
2012-08-23 00:19 . 2012-05-15 09:27        2759488        ----a-w-        c:\windows\system32\nvsvc.dll
2012-08-23 00:18 . 2012-05-15 10:26        61248        ----a-w-        c:\windows\system32\OpenCL.dll
2012-08-23 00:18 . 2012-08-23 00:18        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-08-22 23:39 . 2012-05-15 10:26        883008        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-08-22 23:39 . 2012-05-15 10:26        8105280        ----a-w-        c:\windows\system32\nvwgf2um.dll
2012-08-22 23:39 . 2012-05-15 10:26        5982528        ----a-w-        c:\windows\system32\nvcuda.dll
2012-08-22 23:39 . 2012-05-15 10:26        2524992        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-08-22 23:39 . 2012-05-15 10:26        2445120        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-08-22 23:39 . 2012-05-15 10:26        2368832        ----a-w-        c:\windows\system32\nvapi.dll
2012-08-22 23:39 . 2012-05-15 10:26        19607872        ----a-w-        c:\windows\system32\nvoglv32.dll
2012-08-22 23:39 . 2012-05-15 10:26        17551680        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-08-22 23:39 . 2012-05-15 10:26        15322432        ----a-w-        c:\windows\system32\nvd3dum.dll
2012-08-22 23:39 . 2012-05-15 10:26        11354944        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-08-22 23:39 . 2012-05-15 10:26        1000768        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-08-15 16:51 . 2012-08-15 16:51        --------        d-----w-        c:\users\***\AppData\Local\e-academy Inc
2012-08-15 16:51 . 2012-08-15 16:51        --------        d-----w-        c:\users\***\AppData\Roaming\e-academy Inc
2012-08-15 00:56 . 2012-08-15 19:07        --------        d-----w-        c:\windows\system32\drivers\NIS\1308000.00E
2012-08-15 00:22 . 2012-07-06 19:23        393728        ----a-w-        c:\windows\system32\drivers\bthport.sys
2012-08-15 00:17 . 2012-02-11 05:43        492032        ----a-w-        c:\windows\system32\win32spl.dll
2012-08-15 00:17 . 2012-02-11 05:37        317440        ----a-w-        c:\windows\system32\spoolsv.exe
2012-08-15 00:17 . 2012-07-18 17:47        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-08-15 00:17 . 2012-05-05 07:46        400896        ----a-w-        c:\windows\system32\srcore.dll
2012-08-15 00:17 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\system32\browcli.dll
2012-08-15 00:17 . 2012-07-04 21:14        102912        ----a-w-        c:\windows\system32\browser.dll
2012-08-15 00:16 . 2012-05-14 04:33        769024        ----a-w-        c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 02:52 . 2012-08-12 15:38        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-09-12 02:52 . 2010-12-01 11:22        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-08-26 22:15 . 2012-04-05 01:32        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-26 22:15 . 2011-05-15 09:53        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 22:46 . 2012-08-09 12:02        81920        ----a-w-        c:\windows\system32\pdfcmon.dll
2012-09-09 00:12 . 2012-09-09 00:12        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\***\AppData\Roaming\hdbADS ----
.
2012-09-09 22:40 . 2012-09-12 12:36        130        ----a-w-        c:\users\***\AppData\Roaming\hdbADS\hdbADS.ini
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-27 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51        35768        ----a-w-        c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-25 16:08        2569616        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-08-22 23:11        206240        ----a-w-        c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 03:46        462920        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 03:46        973488        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54        4240760        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-08-05 11:01        220552        ----a-w-        c:\program files\PDF24\pdf24.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ADDMEM;ADDMEM;c:\users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 DiskSec;Magix Volume Filter Driver; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1308000.00E\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1308000.00E\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx86.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120911.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [x]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 ShellfireVPN2Service;ShellfireVPN2Service;c:\program files\ShellfireVPN\jre6\bin\java -classpath c:\program files\ShellfireVPN\ShellfireVPN2.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [x]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.spiegel.de/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\17f4qzsw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellfireVPN2Service]
"ImagePath"="\"c:\program files\ShellfireVPN\jre6\bin\java\" \"-classpath\" \"c:\program files\ShellfireVPN\ShellfireVPN2.exe\" \"-Xrs\" \"-Dwrapper.service=true\" \"-Dwrapper.working.dir=c:\program files\ShellfireVPN\" \"-Dwrapper.config=c:\users\***\AppData\Roaming\ShellfireVPN\start.conf\" \"-Dwrapper.additional.1x=-Xrs\" \"-Dwrapper.stop.conf=c:\users\***\AppData\Roaming\ShellfireVPN\stop.conf\" \"org.rzo.yajsw.boot.WrapperServiceBooter\" "
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5676)
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CPUCooL\CooLSrv.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ShellfireVPN\jre6\bin\java.exe
c:\program files\ShellfireVPN\jre6\bin\java.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\SamSung\MagicKBD\MagicKBD.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\PrintIsolationHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-12  23:12:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-12 13:12
ComboFix2.txt  2012-09-12 02:09
.
Vor Suchlauf: 24 Verzeichnis(se), 12.452.995.072 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 12.401.577.984 Bytes frei
.
- - End Of File - - B4EF3E188C65EA161AC1CB73B052FCF3


cosinus 12.09.2012 15:19

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just skip it and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (at the bottom left of the aswMBR window), and click the Scan button again.

puntaara 14.09.2012 05:26

GMER crashed on me several times; unfortunately I could not get a complete scan done, so there is no log.

OSAM worked, see the log below.

aswMBR also crashed, but with the option AV Scan: (none) it worked, see the log below.

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:00:01 on 14.09.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iPROSet.cpl" - "Intel Corporation" - C:\Windows\system32\iPROSet.cpl
"MagicKBD.cpl" - "SAMSUNG Electronics Co., Ltd." - C:\Windows\system32\MagicKBD.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADDMEM" (ADDMEM) - ? - C:\Users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS  (File not found)
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx86.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz132" (cpuz132) - ? - C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys
"DiskSec" (DiskSec) - "MAGIX" - C:\Windows\system32\drivers\DiskSec.sys
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120912.001\IDSvix86.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MEMIO" (DOSMEMIO) - ? - C:\Windows\system32\MEMIO.SYS  (File found, but it contains no detailed information)
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120913.002\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120913.002\NAVEX15.SYS
"Norton Internet Security Settings Manager" (ccSet_NIS) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys
"ntiopnp" (ntiopnp) - ? - C:\Windows\system32\drivers\ntiopnp.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1308000.00E\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1308000.00E\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS
"Symantec Network Security WFP Driver" (SymNetS) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_2_202_235.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NokiaSuite.exe" - "Nokia" - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"MagicKeyboard" - ? - C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMNPPM.DLL
"EPSON V6 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\EBPMON24.DLL
"GMX Fax Monitor" - "GMX GmbH" - C:\Windows\system32\UIGMXMON.DLL
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPMPW081.DLL
"HPPMOPJL" - "Hewlett-Packard Company" - C:\Windows\system32\hppmopjl.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"SSGR3 Langmon" - ? - C:\Windows\system32\SSGR3l3.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"CPUCooLServer Service" (CPUCooLServer) - ? - C:\Program Files\CPUCooL\CooLSrv.exe  (File found, but it contains no detailed information)
"CyberGhost VPN Client" (CGVPNCliSrvc) - "mobile concepts GmbH" - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"Juniper Network Connect Service" (dsNcService) - "Juniper Networks" - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"ShellfireVPN2Service" (ShellfireVPN2Service) - "Sun Microsystems, Inc." - C:\Program Files\ShellfireVPN\jre6\bin\java.exe
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 13:26:42
-----------------------------
13:26:42.459    OS Version: Windows 6.1.7601 Service Pack 1
13:26:42.459    Number of processors: 2 586 0xF0A
13:26:42.461    ComputerName: ***-PC  UserName: ***
13:26:45.848    Initialize success
13:26:57.171    AVAST engine defs: 12091301
13:27:03.111    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:27:03.118    Disk 0 Vendor: TOSHIBA_MK2035GSS DK022A Size: 190782MB BusType: 3
13:27:03.214    Disk 0 MBR read successfully
13:27:03.222    Disk 0 MBR scan
13:27:03.261    Disk 0 unknown MBR code
13:27:03.294    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
13:27:03.411    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        90429 MB offset 20973568
13:27:03.454    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        90111 MB offset 206172160
13:27:03.479    Disk 0 scanning sectors +390719488
13:27:03.900    Disk 0 scanning C:\Windows\system32\drivers
13:27:39.922    Service scanning
13:29:02.219    Modules scanning
13:30:04.402    Disk 0 trace - called modules:
13:30:04.428    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
13:30:04.434    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86660030]
13:30:04.440    3 CLASSPNP.SYS[8a39859e] -> nt!IofCallDriver -> [0x861c3918]
13:30:04.447    5 ACPI.sys[842263d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858d1610]
13:30:04.453    Scan finished successfully
14:18:36.465    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
14:18:36.481    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"


cosinus 14.09.2012 14:53

We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Do not run the fix either if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

puntaara 16.09.2012 12:23

I performed the MBR fix and ran a new scan after the restart. At first the tool crashed again, and I ran it again with the AV: (none) option:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 13:26:42
-----------------------------
13:26:42.459    OS Version: Windows 6.1.7601 Service Pack 1
13:26:42.459    Number of processors: 2 586 0xF0A
13:26:42.461    ComputerName: ******-PC  UserName: ***
13:26:45.848    Initialize success
13:26:57.171    AVAST engine defs: 12091301
13:27:03.111    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:27:03.118    Disk 0 Vendor: TOSHIBA_MK2035GSS DK022A Size: 190782MB BusType: 3
13:27:03.214    Disk 0 MBR read successfully
13:27:03.222    Disk 0 MBR scan
13:27:03.261    Disk 0 unknown MBR code
13:27:03.294    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
13:27:03.411    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        90429 MB offset 20973568
13:27:03.454    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        90111 MB offset 206172160
13:27:03.479    Disk 0 scanning sectors +390719488
13:27:03.900    Disk 0 scanning C:\Windows\system32\drivers
13:27:39.922    Service scanning
13:29:02.219    Modules scanning
13:30:04.402    Disk 0 trace - called modules:
13:30:04.428    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
13:30:04.434    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86660030]
13:30:04.440    3 CLASSPNP.SYS[8a39859e] -> nt!IofCallDriver -> [0x861c3918]
13:30:04.447    5 ACPI.sys[842263d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858d1610]
13:30:04.453    Scan finished successfully
14:18:36.465    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
14:18:36.481    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-16 20:29:57
-----------------------------
20:29:57.619    OS Version: Windows 6.1.7601 Service Pack 1
20:29:57.619    Number of processors: 2 586 0xF0A
20:29:57.621    ComputerName: ******-PC  UserName: ***
20:29:58.690    Initialize success
20:32:35.761    AVAST engine defs: 12091400
20:32:45.301    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:32:45.307    Disk 0 Vendor: TOSHIBA_MK2035GSS DK022A Size: 190782MB BusType: 3
20:32:45.346    Disk 0 MBR read successfully
20:32:45.352    Disk 0 MBR scan
20:32:45.364    Disk 0 Windows 7 default MBR code
20:32:45.384    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
20:32:45.415    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        90429 MB offset 20973568
20:32:45.443    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        90111 MB offset 206172160
20:32:45.460    Disk 0 scanning sectors +390719488
20:32:45.554    Disk 0 scanning C:\Windows\system32\drivers
20:33:01.737    Service scanning
20:33:49.461    Modules scanning
20:34:08.236    Disk 0 trace - called modules:
20:34:08.260    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:34:08.270    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8665d030]
20:34:08.279    3 CLASSPNP.SYS[8a3b159e] -> nt!IofCallDriver -> [0x8619f918]
20:34:08.287    5 ACPI.sys[8423f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x861ad030]
20:34:08.295    Scan finished successfully
20:34:28.310    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
20:34:28.343    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"


cosinus 16.09.2012 18:41

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!
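Added example, not part of the thread and not aswMBR's own code: a Python script that parses two 512-byte MBR dumps and reports whether the boot code or the partition table differs, which is the before/after check the two aswMBR runs above perform ("unknown MBR code" versus "Windows 7 default MBR code"). It assumes that MBR.dat is a raw dump of sector 0; the sample dumps are constructed, with partition values copied from the logs above and filler bytes in place of real boot code.

```python
"""Compare two raw 512-byte MBR dumps (assumed format of aswMBR's MBR.dat)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bootstrap code area of a classic MBR
DISK_SIG_OFF = 440        # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")


def parse_mbr(raw: bytes) -> dict:
    """Validate one MBR sector; return the boot-code hash and partition table."""
    if len(raw) < SECTOR:
        raise ValueError("dump is shorter than one 512-byte sector")
    raw = raw[:SECTOR]
    if raw[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for slot in range(4):
        status, ptype, lba_start, sectors = ENTRY.unpack_from(
            raw, PART_TABLE_OFF + slot * ENTRY.size)
        if ptype == 0x00:                 # unused slot
            continue
        if status not in (0x00, 0x80):    # only inactive/active are valid
            raise ValueError(f"slot {slot + 1}: invalid status {status:#04x}")
        partitions.append({
            "slot": slot + 1,
            "active": status == 0x80,
            "type": f"{ptype:02X}",
            "lba_start": lba_start,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(raw[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": raw[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }


def compare_dumps(before: bytes, after: bytes) -> dict:
    """A boot-code rewrite should change the code hash but not the table."""
    old, new = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": old["boot_code_sha256"] != new["boot_code_sha256"],
        "partition_table_changed": old["partitions"] != new["partitions"],
        "active_partitions": [p["slot"] for p in new["partitions"] if p["active"]],
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed dump: partition layout from the aswMBR log, filler boot code."""
    layout = [
        (0x00, 0x27, 2048, 20971520),         # Hidden NTFS WinRE, 10240 MB
        (0x80, 0x07, 20973568, 185198592),    # active NTFS, 90429 MB
        (0x00, 0x07, 206172160, 184547328),   # NTFS, 90111 MB
    ]
    table = b"".join(ENTRY.pack(*row) for row in layout).ljust(64, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6 + table + b"\x55\xaa"


if __name__ == "__main__":
    before = build_sample_mbr(b"FILLER-BEFORE-FIX")
    after = build_sample_mbr(b"FILLER-AFTER-FIX")
    print(compare_dumps(before, after))
    for part in parse_mbr(after)["partitions"]:
        print(part)
```

With real dumps, read each file in binary mode and pass the bytes to `compare_dumps`; a changed partition table after a boot-code fix is the result that needs a closer look.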

puntaara 18.09.2012 07:04

I ran the scans (see below). Malwarebytes had no detections, but Superantispyware reported 2 detections :eek:

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.16.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

17.09.2012 10:49:11
mbam-log-2012-09-17 (10-49-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435748
Laufzeit: 3 Stunde(n), 52 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/18/2012 at 02:51 PM

Application Version : 5.5.1016

Core Rules Database Version : 9236
Trace Rules Database Version: 7048

Scan type      : Complete Scan
Total Scan Time : 04:52:22

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 713
Memory threats detected  : 0
Registry items scanned    : 36476
Registry threats detected : 0
File items scanned        : 216100
File threats detected    : 3

Trojan.Agent/Gen-Yoddos
        C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

Trojan.Agent/Gen-Toggle
        C:\USERS\***\DOWNLOADS\INSTALLER_SUNBIRD_GERMAN.EXE

Adware.Tracking Cookie
        adserv.quality-channel.de [ C:\USERS\***\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NAGCRSGT ]


cosinus 19.09.2012 11:22

Just a cookie and obviously two false alarms.

Code:

UAC On - Limited User
How did you start sasw? Simply by double-clicking?

puntaara 20.09.2012 04:55

I actually thought I had run it as administrator. To be on the safe side, I started the scan again as administrator - but again with the same result, "Limited User". What could be the reason?

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/20/2012 at 04:51 AM

Application Version : 5.5.1016

Core Rules Database Version : 9252
Trace Rules Database Version: 7064

Scan type      : Complete Scan
Total Scan Time : 04:00:16

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 749
Memory threats detected  : 0
Registry items scanned    : 36479
Registry threats detected : 0
File items scanned        : 216418
File threats detected    : 3

Trojan.Agent/Gen-Yoddos
        C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

Trojan.Agent/Gen-Toggle
        C:\USERS\***\DOWNLOADS\INSTALLER_SUNBIRD_GERMAN.EXE

Adware.Tracking Cookie
        adserv.quality-channel.de [ C:\USERS\***\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NAGCRSGT ]


cosinus 20.09.2012 14:47

Looks OK, only false alarms and cookies.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left.

Is your system OK again now, or are there still other detections or problems?
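Added example, not part of the thread and not MVPS code: a Python script that audits a hosts file of the kind recommended above, listing which names are sinkholed, which are redirected to a routable address, and whether given tracker hosts are actually covered. The host `adserv.quality-channel.de` comes from the SUPERAntiSpyware log above; the sample file, the other names and the address 203.0.113.7 are constructed.

```python
"""Audit a hosts file: sinkholed names, redirects, and coverage gaps."""
import ipaddress

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}   # addresses used for blocking
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text: str) -> list:
    """Return (line number, address, hostname) for every valid mapping."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()      # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                                # not an address: skip line
        for name in fields[1:]:                     # one line may map many names
            entries.append((lineno, addr, name.lower().rstrip(".")))
    return entries


def audit_hosts(text: str, must_block=()) -> dict:
    blocked, redirects = set(), []
    for lineno, addr, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if addr in SINKHOLES:
            blocked.add(name)
        else:
            # A routable target sends traffic elsewhere instead of blocking it.
            redirects.append((lineno, addr, name))
    # Hosts entries match full hostnames only: blocking a parent domain
    # does not cover its subdomains, so each host is checked exactly.
    not_blocked = [h for h in must_block if h.lower().rstrip(".") not in blocked]
    return {"blocked": blocked, "redirects": redirects, "not_blocked": not_blocked}


# Constructed sample, not the MVPS file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
0.0.0.0     quality-channel.de        # parent domain only
0.0.0.0     ads.example.net
127.0.0.1   tracker.example.org www.tracker.example.org
203.0.113.7 login.example.com         # routable address
"""

if __name__ == "__main__":
    report = audit_hosts(
        SAMPLE_HOSTS,
        must_block=["adserv.quality-channel.de", "ads.example.net"],
    )
    print("sinkholed:", sorted(report["blocked"]))
    print("redirects to review:", report["redirects"])
    print("still reachable:", report["not_blocked"])
```

On Windows the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`; read it as text and pass the contents to `audit_hosts`.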

puntaara 23.09.2012 10:32

My system is running smoothly again; I currently have no problems at all and no more detections.

Thanks for the tips on cookies, I will read up on that.

cosinus 23.09.2012 17:18

Then we are done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click "Bereinigung" (cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in the future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update


Update the PDF reader
An outdated Adobe Reader poses a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

puntaara 24.09.2012 06:49

Great, then thank you very much for your help :abklatsch:

I have run all the updates (including with Secunia) and am now up to date. PDF Xchange Viewer is also in its trial phase as of now :)

So, thanks again :dankeschoen:


All times are in WET +1.
