Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Security Shield Befall (https://www.trojaner-board.de/123187-security-shield-befall.html)

Seprom 31.08.2012 17:00
Security Shield Befall
 
Hallo zusammen,

ich habe mir wohl gestern Abend, durch einen Klick auf einen Suchvorschlag von Google, "My Security Shield" via Drive-by-Installation eingefangen. :headbang: Zumindest glichen die Symptome den hier (http://www.trojaner-board.de/119340-...d-inaktiv.html) und hier (http://www.trojaner-board.de/89160-m...entfernen.html) beschriebenen.

Ich habe dann auch, nach mehrmaligem Neustart, eine exe-Datei im Verzeichnis "C:\Users\Roman\AppData\Local" gefunden, die just zu dieser Zeit erstellt wurde (die Datei: prdvjrqga.exe). Diese habe ich dann mit einem vorgestellten Unterstrich versehen um ein Aufrufen zu verhindern/erschweren. Daraufhin waren die Pop-ups unterbunden und ich habe Malwarebytes neu installiert und einen vollen Scan durchgeführt.

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19298
Roman :: 6720S-RV [Administrator]

31.08.2012 00:12:31
mbam-log-2012-08-31 (00-12-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375979
Laufzeit: 3 Stunde(n), 17 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Ich habe jetzt noch, wie empfohlen, OTL runtergeladen und einen Quickscan gemacht. Hier die logs:

Code:
OTL logfile created on: 31.08.2012 17:12:22 - Run 1
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\Roman\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,97% Memory free
4,22 Gb Paging File | 2,95 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,28 Gb Total Space | 23,72 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,98 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
 
Computer Name: 6720S-RV | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.31 17:10:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Downloads\OTL.exe
PRC - [2012.08.08 13:06:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:57:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.01.09 16:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.07.02 00:46:06 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.08.24 14:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.06.08 10:05:38 | 000,274,432 | ---- | M] () -- C:\Windows\System32\flcdlmsg.dll
MOD - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.02.15 17:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.31 01:20:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.22 20:22:59 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.06.08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 19:57:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:57:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.08.27 13:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.07.27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.07.27 08:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.11 11:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009.08.24 10:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2008.12.05 07:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.11.21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.10.12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 02:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2007.09.14 17:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.06.08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007.01.29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007.01.29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {2B837857-67A1-4C72-9DB1-2D2A378C9A78}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {D60D28A7-939B-4DA6-A7F2-7FD457008A6B}
IE - HKCU\..\SearchScopes\{0579B8E0-5480-4051-A82C-8636BF5C2F2B}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{169537B5-61AE-469C-BB97-83FD10990702}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKCU\..\SearchScopes\{4C6E59F8-C3A3-48C7-AA8E-C321635D00E4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{6247DA3A-9DCB-4910-A6D3-9BB1D862BB58}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{D60D28A7-939B-4DA6-A7F2-7FD457008A6B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 14:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 01:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.06 16:06:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 01:20:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.06 16:06:04 | 000,000,000 | ---D | M]
 
[2012.04.18 13:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Extensions
[2012.08.30 17:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions
[2012.04.18 13:59:15 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.04.18 13:59:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.04.18 14:10:35 | 000,001,692 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\alle-preise---guenstigerde.xml
[2012.08.19 20:32:45 | 000,012,703 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\imdb.xml
[2012.04.18 14:06:26 | 000,002,322 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\openthesaurus.xml
[2012.04.18 14:02:19 | 000,002,006 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\urban-dictionary.xml
[2012.04.18 14:02:41 | 000,001,330 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\wikipedia-en.xml
[2012.04.18 14:02:55 | 000,002,446 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\wiktionary-de.xml
[2012.04.18 14:01:58 | 000,001,997 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\wolframalpha.xml
[2012.04.22 21:15:19 | 000,002,057 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\youtube-videosuche.xml
[2012.08.06 16:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.31 01:20:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 01:20:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AE68D5B-3AD6-42B3-A1A7-304EE002046D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3992FE55-F80B-4794-AA86-7FF9206DA54C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E1A4B8-18E1-400D-85B6-74F40BA9D696}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6863DED-BCB9-4047-820F-43F1C596DE39}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{034c157c-b0f4-11de-9a1b-001f2991aeb0}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\AutoRun\command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\explore\Command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\open\Command - "" = ps.bat
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f530994e-ce03-11de-99bc-001f2991aeb0}\Shell\AutoRun\command - "" = G:\avira.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 00:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.31 00:10:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.31 00:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.08 23:11:18 | 000,000,000 | ---D | C] -- C:\Users\Roman\Documents\EndNote
[2012.08.08 21:44:27 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\EndNote
[2012.08.08 21:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2012.08.08 21:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2012.08.08 21:43:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2012.08.08 21:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2012.08.08 21:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote X2
[2012.08.08 21:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2012.08.06 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\vlc
[2012.08.06 16:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.08.06 16:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.06 16:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.02 14:11:58 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2012.08.02 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 17:20:14 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.31 17:19:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
[2012.08.31 17:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 15:53:50 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.31 15:49:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 15:49:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 15:49:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 15:49:14 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 10:24:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.31 08:52:15 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
[2012.08.30 23:36:26 | 000,475,136 | ---- | M] () -- C:\Users\Roman\AppData\Local\_prdvjrqga.exe
[2012.08.15 21:40:54 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRoman.job
[2012.08.15 18:21:03 | 000,053,163 | ---- | M] () -- C:\Users\Roman\Documents\Schuhe_saintcrispins_shoecare.pdf
[2012.08.15 08:36:57 | 000,535,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.11 16:10:08 | 000,695,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.11 16:10:08 | 000,651,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.11 16:10:08 | 000,154,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.11 16:10:08 | 000,125,532 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.02 14:19:21 | 000,000,218 | ---- | M] () -- C:\Users\Roman\.recently-used.xbel
[2012.08.02 14:19:18 | 000,000,314 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\psppirerc
[2012.08.02 13:51:05 | 000,720,515 | ---- | M] () -- C:\Users\Roman\Desktop\bookmarks-2012-08-02.json
 
========== Files Created - No Company Name ==========
 
[2012.08.30 23:36:26 | 000,475,136 | ---- | C] () -- C:\Users\Roman\AppData\Local\_prdvjrqga.exe
[2012.08.15 18:21:03 | 000,053,163 | ---- | C] () -- C:\Users\Roman\Documents\Schuhe_saintcrispins_shoecare.pdf
[2012.08.02 14:19:21 | 000,000,218 | ---- | C] () -- C:\Users\Roman\.recently-used.xbel
[2012.08.02 14:19:18 | 000,000,314 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\psppirerc
[2012.08.02 13:51:04 | 000,720,515 | ---- | C] () -- C:\Users\Roman\Desktop\bookmarks-2012-08-02.json
[2012.03.26 23:22:05 | 000,000,093 | ---- | C] () -- C:\Users\Roman\AppData\Local\fusioncache.dat
[2012.03.26 23:22:00 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2012.03.26 23:22:00 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2012.03.26 23:21:59 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2012.03.26 23:21:59 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2012.03.26 23:21:59 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011.11.06 22:08:42 | 000,278,386 | ---- | C] () -- C:\Users\Roman\AppData\Local\census.cache
[2011.11.06 22:08:14 | 000,201,735 | ---- | C] () -- C:\Users\Roman\AppData\Local\ars.cache
[2011.11.06 21:57:45 | 000,000,036 | ---- | C] () -- C:\Users\Roman\AppData\Local\housecall.guid.cache
[2011.10.18 21:19:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.06 22:59:20 | 000,078,210 | ---- | C] () -- C:\Windows\hpqins05.dat
[2011.01.06 15:15:07 | 000,214,743 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010.01.18 21:49:03 | 000,024,206 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\UserTile.png
[2009.12.29 14:42:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.18 16:56:53 | 000,000,680 | ---- | C] () -- C:\Users\Roman\AppData\Local\d3d9caps.dat
[2008.08.31 23:15:11 | 000,038,442 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2008.08.31 21:23:24 | 000,038,437 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2008.08.28 20:20:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.27 20:07:43 | 000,211,968 | ---- | C] () -- C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.25 22:13:44 | 000,001,074 | RH-- | C] () -- C:\Users\Roman\XrxWm.ini
[2008.08.25 22:13:44 | 000,000,522 | RH-- | C] () -- C:\Users\Roman\xw45cpdy.dyc
 
========== LOP Check ==========
 
[2012.08.31 16:03:42 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox
[2012.08.20 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\EndNote
[2011.06.09 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FileZilla
[2011.10.18 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreePDF
[2011.09.30 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\gtk-2.0
[2008.08.22 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett Packard
[2011.02.01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICAClient
[2009.02.25 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InterVideo
[2009.03.17 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2010.12.29 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Local
[2010.04.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\M-HTOEFL
[2008.08.31 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
[2008.08.31 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
[2011.10.18 21:19:11 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\pdfforge
[2010.01.18 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking
[2012.03.26 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Pinnacle
[2011.03.28 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\QuickScan
[2008.08.27 07:03:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\SampleView
[2011.03.14 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.03.01 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim
[2009.11.19 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim Demo
[2012.08.31 10:24:11 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.07 01:29:12 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC3E9DAD-3CAE-4881-A6FF-68E7ACDA3A43}.job
 
========== Purity Check ==========
 
 

< End of report >

Code:
OTL Extras logfile created on: 31.08.2012 17:12:22 - Run 1
OTL by OldTimer - Version 3.2.59.1    Folder = C:\Users\Roman\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,97% Memory free
4,22 Gb Paging File | 2,95 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,28 Gb Total Space | 23,72 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,98 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
 
Computer Name: 6720S-RV | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8F4F52FF-3093-4358-85AD-724A3C0AB119}" = lport=2869 | protocol=6 | dir=in | app=system |
"{99D86F92-4F7A-4C25-B3CB-80680E32709E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C7C03B89-7D9A-48E9-AA16-58FA22653DB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04939669-DE76-4FF0-8A42-96A0950067B5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{13F776AF-69D4-4FD5-AEC4-3BFFA9671BE0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1BF1167E-45D1-4B24-B863-7E28A32AAAC1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{1DE7B619-EABE-41FD-89F8-3BE09C01D241}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe |
"{22277809-FF2D-4F5E-AD39-A005244DA514}" = protocol=17 | dir=in | app=c:\users\roman\appdata\roaming\dropbox\bin\dropbox.exe |
"{302E0631-B60B-4476-A4B6-0D78435AC204}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe |
"{40D7055C-02D7-4631-85EA-1E344D3C74D1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{552E8512-ECD3-4D28-B95B-AA82092039D1}" = protocol=17 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe |
"{563B7434-EB06-4CB1-A655-B5411A438DF7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{56C22636-D3BD-4D4F-875F-2A565F979B6B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{5F1AF8F3-177F-46F0-A06B-A188E47D6F05}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{65DCF77F-702C-4A23-8DE7-2078169AD70C}" = protocol=6 | dir=in | app=c:\users\roman\appdata\roaming\dropbox\bin\dropbox.exe |
"{6B831AFC-C738-4C8A-8281-1113EFC04DA2}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe |
"{809CA8E9-178C-43DB-BCF2-DCB502315D9F}" = protocol=17 | dir=in | app=c:\users\roman\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{905692D8-9911-4C41-ACDD-A9AA6DAAD16F}" = protocol=6 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe |
"{929C1408-DBE7-4115-ADC5-4D24B548656E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{AFF2BFC3-617C-4096-8AC0-EBD5D3FE5627}" = protocol=6 | dir=in | app=c:\users\roman\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{CC15CC6C-1EE9-4220-87A5-AE380122FF9E}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe |
"{D934DAD7-1D80-4642-A859-7F350059256B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{E5B357DB-2B67-45C7-A613-07668DB42FD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8EFA40B-FFB4-4D41-A235-7E078ACB9D6E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{F5BE4B69-E063-4F8F-9EB9-336E2A1BFB6F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{FBE82719-A7A9-4742-BD60-70C54CE08D46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"TCP Query User{0F4D6C5A-4D5C-41C9-B524-FCDF345C1631}C:\users\roman\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\roman\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{0F9784A5-1878-476C-91B0-D9F8893E9103}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{299E857F-4BEC-415E-B752-D16907E47113}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{9599364A-BBC6-4DA8-AC27-2C520F860A5E}C:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe |
"TCP Query User{D782EA2E-5A0E-4B3E-88AB-7F5EE0CEED5D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{14FC6D54-6AB6-473C-BA2C-1064B55DDB27}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{3C0E0DE7-B346-4BA3-AE06-54B80D5EB4C4}C:\users\roman\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\roman\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{488B2714-A19C-44E2-BC2B-5D5172705A7C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{540A7CFF-585C-4AEE-A640-907F9F2B8324}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{9DEF03F1-3941-43E8-8F9F-D5F774F2D5EB}C:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{613AA85A-DB0D-4F51-907A-ED95678A617D}" = KPMGs_IFRS_Trainer
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DCD7A9A-8B0B-4184-A5D7-C4BDAA31C750}" = Microsoft Office Live Add-in Patches
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM)
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Nur Web
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"FileZilla Client" = FileZilla Client 3.2.6.1
"GPL Ghostscript 9.04" = GPL Ghostscript
"GRE POWERPREP" = GRE POWERPREP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"KaloMa_is1" = KaloMa 4.93
"Kyocera FS-1100 / FS-1300D Printer Library" = Kyocera FS-1100 / FS-1300D Printer Library
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"PROPLUSR" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"TOEFL Official Guide" = TOEFL Official Guide 2.05.0021
"Vensim Demonstration" = Vensim Demonstration
"Vensim PLE" = Vensim PLE
"VLC media player" = VLC media player 2.0.3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"Dropbox" = Dropbox
"The MIT Beer Game" = The MIT Beer Game
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.08.2012 12:33:21 | Computer Name = 6720s-RV | Source = Perflib | ID = 1008
Description =
 
Error - 26.08.2012 07:36:03 | Computer Name = 6720s-RV | Source = Perflib | ID = 1010
Description =
 
Error - 26.08.2012 07:36:06 | Computer Name = 6720s-RV | Source = Perflib | ID = 1008
Description =
 
Error - 30.08.2012 11:08:39 | Computer Name = 6720s-RV | Source = Perflib | ID = 1010
Description =
 
Error - 30.08.2012 11:08:50 | Computer Name = 6720s-RV | Source = Perflib | ID = 1008
Description =
 
Error - 30.08.2012 11:20:13 | Computer Name = 6720s-RV | Source = VSS | ID = 12289
Description =
 
Error - 30.08.2012 12:01:53 | Computer Name = 6720s-RV | Source = VSS | ID = 12310
Description =
 
Error - 30.08.2012 12:01:53 | Computer Name = 6720s-RV | Source = VSS | ID = 12298
Description =
 
Error - 30.08.2012 17:50:52 | Computer Name = 6720s-RV | Source = VSS | ID = 8194
Description =
 
Error - 30.08.2012 21:22:46 | Computer Name = 6720s-RV | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel
 0x4cd2e07b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74000400,  Prozess-ID 0xa60, Anwendungsstartzeit
 01cd86fb8c5bb2a7.
 
[ OSession Events ]
Error - 07.04.2011 04:06:32 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.05.2011 05:45:22 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 13:49:06 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 13:51:03 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:07:29 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:07:48 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:08:03 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:08:45 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:17:08 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2011 08:38:17 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.08.2012 05:41:22 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 11.08.2012 06:31:40 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.109 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 11.08.2012 09:44:25 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.37 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 13.08.2012 04:56:42 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.109 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 15.08.2012 03:52:04 | Computer Name = 6720s-RV | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 24.08.2012 08:52:02 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description =
 
Error - 25.08.2012 20:08:41 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description =
 
Error - 30.08.2012 17:51:12 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description =
 
Error - 30.08.2012 18:03:59 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description =
 
Error - 31.08.2012 02:52:44 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

Was kann ich nun tun? Die umbenannte Datei löschen? Irgendwelche anderen Scans machen? Malwarebytes hat ja nichts mehr gefunden... Ich habe nun die Angst, dass irgendwo ein Rootkit installiert ist, bzw. mein PC befallen ist.

Bin für jede Hilfe dankbar!!!


Beste Grüße
Roman

cosinus 01.09.2012 13:18
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Seprom 01.09.2012 19:49
Vielen lieben Dank für die Antwort! :knuddel:

Im Anhang die Malwarebytes Logs. Habe drei Dateien in Quarantäne. :pfui: Sollen die gelöscht werden?

Hier noch ein Log von ESET, den ich heute ausgeführt hab.
Code:
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Roman\AppData\Local\_prdvjrqga.exe        Win32/Adware.SecurityShield.D Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert
Nochmals danke und auf bald
Roman

Seprom 02.09.2012 17:55
Habe jetzt darüber hinaus noch mal nen Scan mit Avira gemacht, dass ich immer brav up-to-date gehalten habe. Hatte vor einiger Zeit mal was gefunden und in Quarantäne gesetzt, dann aber nie mehr irgendwas. Waren ein paar False-Positives dabei.

Der wöchentliche Scan am Donnerstag hatte noch nichts gefunden. Der heutige Scan brachte dann das Folgende zu Tage:
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 2. September 2012  15:22

Es wird nach 4204350 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Business
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : 6720S-RV

Versionsinformationen:
BUILD.DAT      : 12.0.0.1167    40870 Bytes  18.07.2012 19:07:00
AVSCAN.EXE    : 12.3.0.33    468472 Bytes  08.08.2012 11:06:45
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  08.05.2012 17:57:02
LUKE.DLL      : 12.3.0.15      68304 Bytes  08.05.2012 17:57:03
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 17:57:03
AVREG.DLL      : 12.3.0.17    232200 Bytes  10.05.2012 17:56:27
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 11:57:53
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 15:14:33
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 20:32:21
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 18:32:03
VBASE006.VDF  : 7.11.34.117    2048 Bytes  29.06.2012 18:32:03
VBASE007.VDF  : 7.11.34.118    2048 Bytes  29.06.2012 18:32:03
VBASE008.VDF  : 7.11.34.119    2048 Bytes  29.06.2012 18:32:03
VBASE009.VDF  : 7.11.34.120    2048 Bytes  29.06.2012 18:32:03
VBASE010.VDF  : 7.11.34.121    2048 Bytes  29.06.2012 18:32:03
VBASE011.VDF  : 7.11.34.122    2048 Bytes  29.06.2012 18:32:03
VBASE012.VDF  : 7.11.34.123    2048 Bytes  29.06.2012 18:32:03
VBASE013.VDF  : 7.11.34.124    2048 Bytes  29.06.2012 18:32:03
VBASE014.VDF  : 7.11.38.18  2554880 Bytes  30.07.2012 21:13:17
VBASE015.VDF  : 7.11.38.70    556032 Bytes  31.07.2012 21:13:18
VBASE016.VDF  : 7.11.38.143  171008 Bytes  02.08.2012 13:54:38
VBASE017.VDF  : 7.11.38.221  178176 Bytes  06.08.2012 18:56:02
VBASE018.VDF  : 7.11.39.37    168448 Bytes  08.08.2012 11:06:29
VBASE019.VDF  : 7.11.39.89    131072 Bytes  09.08.2012 11:05:45
VBASE020.VDF  : 7.11.39.145  142336 Bytes  11.08.2012 09:02:06
VBASE021.VDF  : 7.11.39.207  165888 Bytes  14.08.2012 05:05:32
VBASE022.VDF  : 7.11.40.9    156160 Bytes  16.08.2012 11:39:03
VBASE023.VDF  : 7.11.40.49    133120 Bytes  17.08.2012 11:39:03
VBASE024.VDF  : 7.11.40.95    156160 Bytes  20.08.2012 14:26:35
VBASE025.VDF  : 7.11.40.155  181760 Bytes  22.08.2012 14:26:40
VBASE026.VDF  : 7.11.40.205  203264 Bytes  23.08.2012 15:43:53
VBASE027.VDF  : 7.11.41.29    188416 Bytes  27.08.2012 15:05:46
VBASE028.VDF  : 7.11.41.87    250368 Bytes  30.08.2012 15:05:48
VBASE029.VDF  : 7.11.41.88      2048 Bytes  30.08.2012 15:05:48
VBASE030.VDF  : 7.11.41.89      2048 Bytes  30.08.2012 15:05:48
VBASE031.VDF  : 7.11.41.132  201216 Bytes  01.09.2012 17:26:41
Engineversion  : 8.2.10.150
AEVDF.DLL      : 8.1.2.10      102772 Bytes  11.07.2012 07:36:03
AESCRIPT.DLL  : 8.1.4.46      455034 Bytes  24.08.2012 15:46:05
AESCN.DLL      : 8.1.8.2      131444 Bytes  27.01.2012 10:26:26
AESBX.DLL      : 8.2.5.12      606578 Bytes  15.06.2012 19:16:02
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06
AEPACK.DLL    : 8.3.0.32      811382 Bytes  24.08.2012 15:45:57
AEOFFICE.DLL  : 8.1.2.42      201083 Bytes  19.07.2012 17:34:51
AEHEUR.DLL    : 8.1.4.94    5230967 Bytes  30.08.2012 15:06:38
AEHELP.DLL    : 8.1.23.2      258422 Bytes  01.07.2012 18:32:05
AEGEN.DLL      : 8.1.5.36      434549 Bytes  24.08.2012 15:44:15
AEEXP.DLL      : 8.1.0.84      90485 Bytes  30.08.2012 15:06:45
AEEMU.DLL      : 8.1.3.2      393587 Bytes  11.07.2012 07:36:02
AECORE.DLL    : 8.1.27.4      201078 Bytes  08.08.2012 11:06:31
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 17:57:02
AVPREF.DLL    : 12.3.0.15      51920 Bytes  08.05.2012 17:57:02
AVREP.DLL      : 12.3.0.15    179208 Bytes  08.05.2012 17:57:03
AVARKT.DLL    : 12.3.0.15    211408 Bytes  08.05.2012 17:57:02
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  08.05.2012 17:57:02
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  08.05.2012 17:57:03
AVSMTP.DLL    : 12.3.0.32      63480 Bytes  08.08.2012 11:06:45
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 17:57:03
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 11:06:28
RCTEXT.DLL    : 12.3.0.31    100088 Bytes  08.08.2012 11:06:29

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, F:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 2. September 2012  15:22

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'F:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'efsui.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'hphc_service.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'WiFiMsg.EXE' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPWAMain.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'QLBCTRL.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'pthosttr.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'scheduler.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqwmiex.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCSHelper.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlbrowser.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'BcmSqlStartupSvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'AEADISRV.EXE' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files\gs\gs9.04\uninstgs.exe
  [WARNUNG]  Unerwartetes Dateiende erreicht
Die Registry wurde durchsucht ( '4026' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files\gs\gs9.04\uninstgs.exe
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\SwSetup\Roxio\EMC_HP_92\Data1.cab
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\SwSetup\Roxio\EMC_HP_92\Data11.cab
  [WARNUNG]  Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J8C0L1HB\Kaloma493[1].zip
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P9VCML6G\Kaloma493[1].zip
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UC540P02\Kaloma493[1].zip
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Users\Roman\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\37de78e9-7c847dee
  [0] Archivtyp: ZIP
  --> a/mrqb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.ER
  --> a/jdtzmoehgq.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Rettilic.Gen
  --> a/dkpgqujcwdrsf.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.EP
  --> a/bmvupoetkfzgstk.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ivinest.Gen
  --> a/aqixyd.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A
  --> jnmxoty
      [FUND]      Ist das Trojanische Pferd TR/Fakealert.faw
Beginne mit der Suche in 'E:\' <OS_TOOLS>
Beginne mit der Suche in 'F:\' <HP_RECOVERY>

Beginne mit der Desinfektion:
C:\Users\Roman\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\37de78e9-7c847dee
  [FUND]      Ist das Trojanische Pferd TR/Fakealert.faw
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56b42803.qua' verschoben!


Ende des Suchlaufs: Sonntag, 2. September 2012  18:15
Benötigte Zeit:  1:59:31 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  34386 Verzeichnisse wurden überprüft
 686448 Dateien wurden geprüft
      6 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 686442 Dateien ohne Befall
  5882 Archive wurden durchsucht
      7 Warnungen
      1 Hinweise
 776872 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
Selbst mir als Laie ist nun klar: Hier ist wohl eine größere Infektion am Laufen. Stellt sich mir nun die Fragen...

(1) Wie schlimm ist es wirklich? Wie "bösartig" sind die Schadprogramme und der Befall insgesamt?
(2) Wie mit der Bereinigung vorgehen? Steps für Datensicherung und ggf. Neuaufspielen von Windows etc. Soll der PC dabei normal ausgeführt werden, oder erst mal nur per Linux-CD gebootet werden?
(3) Und wie der Rechner in Zukunft zu sichern wäre? Also welche Anti-Virus-Programme, ggf. welche Kombination dieser, in Zukunft genutzt werden sollten? Habe wie gesagt bisher auf Avira Free AV und Malwarebytes gesetzt, was jetzt ja keinen ausreichenden Schutz vor der Attacke gebracht hat. Was würden Sie empfehlen? Evtl. ne Sandbox? Hätte das in meinem Fall den Befall verhindern können?


Besten Dank!!!

cosinus 03.09.2012 19:30
Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Im als Administrator geöffneten Browser diesen Link aufrufen => ESET Online Scanner
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Poste nun den Inhalt der log.txt.


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Seprom 05.09.2012 17:06
Hier der ESET log, wie aufgetragen:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8c8eebf4012bdd44be3e43aca27d303c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-05 03:01:28
# local_time=2012-09-05 05:01:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 24886246 24886246 0 0
# compatibility_mode=5892 16776573 100 100 68325 184376935 0 0
# compatibility_mode=8192 67108863 100 0 156 156 0 0
# scanned=224125
# found=0
# cleaned=0
# scan_time=13054
Was nun?

Vielen Dank im Voraus!!!


lg Roman

cosinus 06.09.2012 12:24
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Seprom 11.09.2012 15:09
Hier das log vom AdwCleaner:

Code:
# AdwCleaner v2.001 - Datei am 09/11/2012 um 16:06:22 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzer : Roman - 6720S-RV
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Roman\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Roman\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Roman\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19298

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1101 octets] - [11/09/2012 16:06:22]

########## EOF - C:\AdwCleaner[R1].txt - [1161 octets] ##########

:dankeschoen: Was als nächstes?

cosinus 11.09.2012 21:15
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Seprom 13.09.2012 20:37
Hier die nächste Log-Datei:

Code:
# AdwCleaner v2.001 - Datei am 09/13/2012 um 21:23:59 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzer : Roman - 6720S-RV
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Roman\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Roman\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Roman\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19298

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1230 octets] - [11/09/2012 16:06:22]
AdwCleaner[S1].txt - [1606 octets] - [13/09/2012 21:23:59]

########## EOF - C:\AdwCleaner[S1].txt - [1666 octets] ##########

What's next? :daumenhoc

cosinus 14.09.2012 13:55
Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Seprom 19.09.2012 20:18
Hallo!

zu 1.) normale Modus geht und ging die ganze Zeit uneingeschränkt. War nur ein wenig langsam. Vor allem im Internet, also unter Browsernutzung (Firefox).
zu 2.) Sieht alles normal aus. Vermisse jetzt auf Anhieb keine Ordner. Alle Ordner sind gefüllt, bis auf Windows PowerShell 1.0. Allerdings kann ich dir nicht sagen, ob der jemals gefüllt war, da ich den meines Wissens noch nie geöffnet habe.

Wir sind noch nicht fertig, wie du sagtest. Mit was geht's weiter?

Beste Grüße

cosinus 20.09.2012 11:21
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Seprom 21.09.2012 12:41
FEHLER... wurde zweimal eingestellt, weil ich anfangs auf Direktantwort geklickt habe... Daher das hier ignorieren und weiter unten weiter lesen...

Seprom 21.09.2012 12:42
Hier das Log:

Code:
OTL logfile created on: 21.09.2012 13:10:52 - Run 2
OTL by OldTimer - Version 3.2.65.1    Folder = C:\Users\Roman\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,75% Memory free
4,22 Gb Paging File | 2,71 Gb Available in Paging File | 64,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,28 Gb Total Space | 24,09 Gb Free Space | 23,55% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,98 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
 
Computer Name: 6720S-RV | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.21 13:09:30 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Downloads\OTL.exe
PRC - [2012.09.11 17:28:42 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.08 13:06:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:57:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009.11.11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.01.09 16:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.11 17:28:42 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2009.07.02 00:46:06 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.08.24 14:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.06.08 10:05:38 | 000,274,432 | ---- | M] () -- C:\Windows\System32\flcdlmsg.dll
MOD - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.02.15 17:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.21 12:13:45 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.11 17:28:42 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.06.08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 19:57:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:57:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.08.27 13:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.07.27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.07.27 08:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.11 11:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010.02.25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009.08.24 10:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.04.29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008.12.05 07:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.11.21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.10.12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 02:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2007.09.14 17:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.06.08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007.01.29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007.01.29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{0579B8E0-5480-4051-A82C-8636BF5C2F2B}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{169537B5-61AE-469C-BB97-83FD10990702}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{4C6E59F8-C3A3-48C7-AA8E-C321635D00E4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{6247DA3A-9DCB-4910-A6D3-9BB1D862BB58}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{D60D28A7-939B-4DA6-A7F2-7FD457008A6B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 14:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 17:28:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.11 17:28:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 17:28:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.11 17:28:36 | 000,000,000 | ---D | M]
 
[2012.04.18 13:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Extensions
[2012.08.30 17:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions
[2012.04.18 13:59:15 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.04.18 13:59:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.08.30 17:06:25 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\extensions\extension@ciuvo.com.xpi
[2012.07.26 12:26:28 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.18 14:10:35 | 000,001,692 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\alle-preise---guenstigerde.xml
[2012.08.19 20:32:45 | 000,012,703 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\imdb.xml
[2012.04.18 14:06:26 | 000,002,322 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\openthesaurus.xml
[2012.04.18 14:02:19 | 000,002,006 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\urban-dictionary.xml
[2012.04.18 14:02:41 | 000,001,330 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wikipedia-en.xml
[2012.04.18 14:02:55 | 000,002,446 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wiktionary-de.xml
[2012.04.18 14:01:58 | 000,001,997 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wolframalpha.xml
[2012.04.22 21:15:19 | 000,002,057 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\youtube-videosuche.xml
[2012.09.11 17:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.11 17:28:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 01:20:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AE68D5B-3AD6-42B3-A1A7-304EE002046D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3992FE55-F80B-4794-AA86-7FF9206DA54C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E1A4B8-18E1-400D-85B6-74F40BA9D696}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6863DED-BCB9-4047-820F-43F1C596DE39}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{034c157c-b0f4-11de-9a1b-001f2991aeb0}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\AutoRun\command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\explore\Command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\open\Command - "" = ps.bat
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f530994e-ce03-11de-99bc-001f2991aeb0}\Shell\AutoRun\command - "" = G:\avira.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk - C:\Programme\InterVideo\DVD Check\DVDCheck.exe - (InterVideo Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\Hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= -  File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PMCLoader - hkey= - key= - C:\Programme\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH)
MsConfig - StartUpReg: PMCRemote - hkey= - key= - C:\Programme\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
MsConfig - StartUpReg: RemoTerm.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WatchDog - hkey= - key= - C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 21:32:10 | 000,000,000 | ---D | C] -- C:\Windows\QLB
[2012.09.11 17:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.05 14:45:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\MPK
[2012.09.03 15:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.03 15:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.08.31 17:29:33 | 000,000,000 | ---D | C] -- C:\Users\Roman\Desktop\Trojaner Board
[2012.08.31 00:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.31 00:10:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.31 00:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.21 13:13:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.21 12:39:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.21 12:25:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
[2012.09.21 12:20:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.21 12:12:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.21 12:12:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.21 12:12:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.21 12:11:43 | 2136,297,472 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.21 12:07:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.21 12:00:45 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.09.21 12:00:45 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.09.21 12:00:33 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.09.19 20:26:07 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 19:48:32 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.09.06 14:11:41 | 000,651,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.06 14:11:41 | 000,125,532 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.06 14:11:40 | 000,695,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.06 14:11:40 | 000,154,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat
 
========== Files Created - No Company Name ==========
 
[2012.09.21 12:00:33 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.08.02 14:19:21 | 000,000,218 | ---- | C] () -- C:\Users\Roman\.recently-used.xbel
[2012.08.02 14:19:18 | 000,000,314 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\psppirerc
[2012.03.26 23:22:05 | 000,000,093 | ---- | C] () -- C:\Users\Roman\AppData\Local\fusioncache.dat
[2012.03.26 23:22:00 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2012.03.26 23:22:00 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2012.03.26 23:21:59 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2012.03.26 23:21:59 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2012.03.26 23:21:59 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011.11.06 22:08:42 | 000,278,386 | ---- | C] () -- C:\Users\Roman\AppData\Local\census.cache
[2011.11.06 22:08:14 | 000,201,735 | ---- | C] () -- C:\Users\Roman\AppData\Local\ars.cache
[2011.11.06 21:57:45 | 000,000,036 | ---- | C] () -- C:\Users\Roman\AppData\Local\housecall.guid.cache
[2011.10.18 21:19:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.06 22:59:20 | 000,078,210 | ---- | C] () -- C:\Windows\hpqins05.dat
[2011.01.06 15:15:07 | 000,214,743 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010.01.18 21:49:03 | 000,024,206 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\UserTile.png
[2009.12.29 14:42:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.18 16:56:53 | 000,000,680 | ---- | C] () -- C:\Users\Roman\AppData\Local\d3d9caps.dat
[2008.08.31 23:15:11 | 000,038,442 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2008.08.31 21:23:24 | 000,038,437 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2008.08.28 20:20:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.27 20:07:43 | 000,211,968 | ---- | C] () -- C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.25 22:13:44 | 000,001,074 | RH-- | C] () -- C:\Users\Roman\XrxWm.ini
[2008.08.25 22:13:44 | 000,000,522 | RH-- | C] () -- C:\Users\Roman\xw45cpdy.dyc
 
========== ZeroAccess Check ==========
 
[2007.03.29 15:41:28 | 000,000,165 | ---- | M] () -- C:\Users\All Users\Macrovision\FLEXnet Connect\6\ui\images\u.gif
[2012.07.19 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Roman\AppData\Roaming\Dropbox\shellext\l
[2012.05.15 11:19:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\LocalLow\Microsoft\Silverlight\is\oroshhpr.f2v\a40h5abu.nl5\1\l
[2012.09.06 19:31:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox\l
[2012.06.12 12:38:26 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox\installer\l
[2012.09.21 13:09:22 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox\shellext\l
[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.09.21 12:41:48 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox
[2012.09.11 17:53:24 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\EndNote
[2011.06.09 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FileZilla
[2011.10.18 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreePDF
[2011.09.30 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\gtk-2.0
[2008.08.22 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett Packard
[2011.02.01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICAClient
[2009.02.25 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InterVideo
[2009.03.17 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2010.12.29 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Local
[2010.04.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\M-HTOEFL
[2008.08.31 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
[2008.08.31 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
[2010.01.18 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking
[2012.03.26 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Pinnacle
[2011.03.28 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\QuickScan
[2008.08.27 07:03:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\SampleView
[2011.03.14 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.03.01 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim
[2009.11.19 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim Demo
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.10 14:42:50 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Adobe
[2011.11.22 13:34:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Avira
[2010.03.22 13:53:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\DivX
[2012.09.21 12:41:48 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox
[2010.11.05 17:49:32 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\dvdcss
[2012.09.11 17:53:24 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\EndNote
[2011.06.09 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FileZilla
[2011.10.18 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreePDF
[2008.12.10 11:11:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\GTek
[2011.09.30 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\gtk-2.0
[2008.08.22 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett Packard
[2008.12.10 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett-Packard
[2009.12.13 22:59:30 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\HP
[2011.03.29 20:18:31 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\HpUpdate
[2011.02.01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICAClient
[2008.08.22 13:37:48 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Identities
[2008.08.22 13:27:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InstallShield
[2012.03.26 23:19:54 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InstallShield Installation Information
[2009.02.25 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InterVideo
[2009.03.17 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2010.12.29 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Local
[2010.04.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\M-HTOEFL
[2008.08.22 13:37:28 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Macromedia
[2009.08.31 09:14:09 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Macrovision
[2011.11.07 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Malwarebytes
[2011.01.26 00:53:16 | 000,000,000 | --SD | M] -- C:\Users\Roman\AppData\Roaming\Microsoft
[2012.09.19 20:27:13 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Mozilla
[2008.08.31 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
[2008.08.31 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
[2010.01.18 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking
[2012.03.26 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Pinnacle
[2011.03.28 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\QuickScan
[2012.03.11 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Roxio
[2008.08.27 07:03:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\SampleView
[2012.09.21 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Skype
[2010.11.28 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\skypePM
[2011.03.14 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.03.01 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim
[2009.11.19 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim Demo
[2012.08.15 16:40:19 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2007.02.15 14:32:38 | 000,114,176 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Roman\AppData\Roaming\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\setup.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_00A2B159EC25728DD0F170.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_0F16B68AE7780754B68FFC.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_6FEFF9B68218417F98F549.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\ARPICON.80486C74_ABED_4227_AF5C_9B1791CFA89C.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Icon80951CEC.exe.C76E2E86_AE54_4AF5_997C_63EBB83C7651.exe
[2011.01.26 00:53:16 | 000,026,192 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Iconlights.ico.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.12.14 02:32:14 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.12.14 02:32:15 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.12.14 02:32:15 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.22 16:49:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.08.22 16:49:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.08.22 16:49:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\SwSetup\Drivers\32\HDD\iastor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.12.14 10:42:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.12.14 10:42:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.09.21 12:00:33 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.09.21 12:00:33 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2008.01.19 09:34:21 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<          >
[2006.11.02 15:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:23 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.08.22 17:16:07 | 000,000,418 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC3E9DAD-3CAE-4881-A6FF-68E7ACDA3A43}.job
[2009.11.30 22:19:22 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.11.30 22:19:23 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.07.15 22:06:29 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
[2010.07.15 22:06:30 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
[2012.04.12 15:45:56 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >

Gut? Schlecht? Was kann man daraus lesen? Was nun?

cosinus 21.09.2012 19:41
Sagmal ist das rein zufällig ein Büro-/Firmen-PC?

Seprom 23.09.2012 17:22
Nope! Kein Firmen-PC. Wird ausschließlich privat genutzt. Wie kommst du drauf? Wegen dem Betriebssystem?

Noch eine Frage bzgl. des Fixes, den wir mit OTL durchgeführt haben: Was haben wir da gemacht? Also was ist der Grund, dass zu tun? Nur das ich da grob verstehe, worum es geht. Interessiert mich natürlich.

cosinus 23.09.2012 18:56
Zitat:
Nope! Kein Firmen-PC. Wird ausschließlich privat genutzt. Wie kommst du drauf? Wegen dem Betriebssystem?
Ja, da läuft ein Vista Business drauf. Warum die Business-Edition?

Zitat:
Noch eine Frage bzgl. des Fixes, den wir mit OTL durchgeführt haben: Was haben wir da gemacht? Also was ist der Grund, dass zu tun? Nur das ich da grob verstehe, worum es geht. Interessiert mich natürlich.
Keine Ahnung wovon du redest, in diesem Strang hab ich noch keinen OTL-Fix angewiesen :pfeiff:

Seprom 23.09.2012 19:43
Die Business-Edition rührt daher, dass ich den Laptop während eines Praktikums vom Chef geschenkt bekam, weil mein eigener den Geist aufgegeben hat. Der Rechner wurde über den IT-Versorger des Unternehmens bezogen. Daher wohl die Business-Edition.

Meine Frage hat mein Unwissen also direkt offenbart. Ich wollte schlicht wissen was wir da tun und warum wir das tun? Ich will ja zumindest den Hauch eines Lerneffektes provozieren. :)

cosinus 23.09.2012 19:54
Wie OTL funktioniert und was bestimmte Sachen genau bedeuten sind interne Informationen, das posaunen wir nicht einfach so nach draußen :pfeiff:

Seprom 02.10.2012 16:39
Okay, also ist OTL eine Art Eigenentwicklung von euch, mit der Ihr nach Problemen sucht und diese, zumindest in Teilen, beheben könnt?

Warum, wenn man Fragen darf, die Geheimhaltung? Da damit sonst Schindluder durch Hacker und Konsorten getrieben werden kann?

Wie geht es denn jetzt bei mir weiter? Was wäre noch zu tun? Was ist das Zwischenergebnis? Wie schlimm ist es?


Vielen Grüße

cosinus 02.10.2012 19:45
Zitat:
Okay, also ist OTL eine Art Eigenentwicklung von euch, mit der Ihr nach Problemen sucht und diese, zumindest in Teilen, beheben könnt?
OTL ist keine Eigententwicklung, aber kann man das nicht einfach mal so stehenlassen, dass derartige Informationen vom Entwickler nicht für jeden zugänglich gemacht werden?
Sei doch froh, dass solche Tools für lau angewandt werden dürfen, was willst du mit der Dokumentation für Helfer? :wtf:

Zitat:
Wie geht es denn jetzt bei mir weiter? Was wäre noch zu tun? Was ist das Zwischenergebnis? Wie schlimm ist es?
Ich fürchte da ist noch Toolbar-Müll in deinem System
Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Seprom 13.10.2012 15:34
Hello again!

Zunächst, um unser am Rande erfolgendes Gespräch am Laufen zu halten :singsing:: Mir, als Laie geht es ja nicht darum irgendwie en détail zu verstehen wie irgendwelche Programme funktionieren. Wie deine Reaktion ja bereits offenlegt, kommt es wohl häufiger zu Anfragen hinsichtlich der anzuwendenden Programme. Ich denke, dass liegt schlicht an der herrschenden Ohnmacht eurer Hilfeempfänger. Wie soll man denn eure Ratschläge hinsichtlich besonderer Vorsicht beim Aufenthalt im iNet in Einklang mit der Geheimniskrämerei hinsichtlich eines auf dem eigenen PC auszuführenden Programms bringen? Ist doch klar, dass man da versucht zu erfahren, was man da eigentlich macht und vor allem, welche Risiken bei der Anwendung der Programme konkret für meinen Rechner und damit für mich bestehen. Daher die Anregung da vllt. auch mal mit ein paar Zeilen aufzuklären. Das muss ja keine spezifischen Angaben enthalten, dass jetzt irgendein böser Programmierer da was fieses gegen eure Nutzer bauen kann.

Sooooooo, hier das AdwCleaner-Log:
Code:
# AdwCleaner v2.004 - Datei am 13/10/2012 um 16:22:55 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzer : Roman - 6720S-RV
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Roman\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Roman\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-3045474442-3283016014-914664241-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1230 octets] - [11/09/2012 16:06:22]
AdwCleaner[S1].txt - [1735 octets] - [13/09/2012 21:23:59]
AdwCleaner[R2].txt - [1498 octets] - [13/10/2012 16:22:55]

########## EOF - C:\AdwCleaner[R2].txt - [1558 octets] ##########

Und, alles gut? Oder doch noch irgendwie komisch? Was soll ich machen?


Beste Grüße und vielen Dank!!!!!!!!!!

cosinus 13.10.2012 17:36
Ok du hast danach gefragt also lies es auch bitte :pfeiff: => http://www.smokey-services.eu/forums...?topic=68252.0

Seprom 13.10.2012 18:08
Danke! :daumenhoc

Les mir das jetzt sofort mal durch.

Schon crazy! Da sieht man mal, wie so was aufgebaut ist. Auch super geschrieben, das Tutorial! Da versteht man zumindest die gruben Zusammenhänge, auch wenn man sich nicht auskennt. Danke nochmal für den Link!!!! :daumenhoc

Bzgl. des AdwCleaner-Logs: Was kannst Du da rauslesen bzw. was soll ich noch tun? Wie geht's weiter? Ich bin quasi vor dem Wagen angespannt und ready for :zzwhip:


Beste Grüße

cosinus 13.10.2012 20:52
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Seprom 15.10.2012 13:49
Done! Unten folgt das Log. Was nun?

Code:
# AdwCleaner v2.004 - Datei am 15/10/2012 um 14:18:24 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzer : Roman - 6720S-RV
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Roman\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Roman\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1230 octets] - [11/09/2012 16:06:22]
AdwCleaner[S1].txt - [1735 octets] - [13/09/2012 21:23:59]
AdwCleaner[R2].txt - [1627 octets] - [13/10/2012 16:22:55]
AdwCleaner[S2].txt - [1399 octets] - [15/10/2012 14:18:24]

########## EOF - C:\AdwCleaner[S2].txt - [1459 octets] ##########

cosinus 15.10.2012 15:13
Bitte mal den aktuellen adwCleaner v2.005 runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Seprom 15.10.2012 17:22
Sooooo, bitte schön:

Code:
# AdwCleaner v2.005 - Datei am 15/10/2012 um 18:20:31 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzer : Roman - 6720S-RV
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Roman\Downloads\adwcleaner(1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1230 octets] - [11/09/2012 16:06:22]
AdwCleaner[S1].txt - [1735 octets] - [13/09/2012 21:23:59]
AdwCleaner[R2].txt - [1627 octets] - [13/10/2012 16:22:55]
AdwCleaner[S2].txt - [1528 octets] - [15/10/2012 14:18:24]
AdwCleaner[R3].txt - [1169 octets] - [15/10/2012 18:20:31]

########## EOF - C:\AdwCleaner[R3].txt - [1229 octets] ##########

Wie geht's weiter?


Beste Grüße

cosinus 15.10.2012 18:35
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Seprom 15.10.2012 19:58
Hier die OTL-Log:

Code:
OTL logfile created on: 15.10.2012 20:14:15 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Roman\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,70% Memory free
4,22 Gb Paging File | 2,91 Gb Available in Paging File | 69,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,28 Gb Total Space | 23,48 Gb Free Space | 22,95% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,98 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
 
Computer Name: 6720S-RV | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.15 20:11:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Downloads\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.08 13:06:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:57:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009.11.11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.01.09 16:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.07.02 00:46:06 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.08.24 14:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.06.08 10:05:38 | 000,274,432 | ---- | M] () -- C:\Windows\System32\flcdlmsg.dll
MOD - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.02.15 17:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.13 15:10:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.12 13:13:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.06.08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 19:57:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:57:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.08.27 13:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.07.27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.07.27 08:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.11 11:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010.02.25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009.08.24 10:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.04.29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008.12.05 07:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.11.21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.10.12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 02:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2007.09.14 17:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.06.08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007.01.29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007.01.29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{0579B8E0-5480-4051-A82C-8636BF5C2F2B}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{169537B5-61AE-469C-BB97-83FD10990702}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{4C6E59F8-C3A3-48C7-AA8E-C321635D00E4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{6247DA3A-9DCB-4910-A6D3-9BB1D862BB58}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\..\SearchScopes\{D60D28A7-939B-4DA6-A7F2-7FD457008A6B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3045474442-3283016014-914664241-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 14:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.13 15:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 15:10:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.13 15:10:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 15:10:24 | 000,000,000 | ---D | M]
 
[2012.04.18 13:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Extensions
[2012.10.13 14:00:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions
[2012.10.13 14:00:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.04.18 13:59:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.08.30 17:06:25 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\extensions\extension@ciuvo.com.xpi
[2012.07.26 12:26:28 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.18 14:10:35 | 000,001,692 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\alle-preise---guenstigerde.xml
[2012.08.19 20:32:45 | 000,012,703 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\imdb.xml
[2012.04.18 14:06:26 | 000,002,322 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\openthesaurus.xml
[2012.04.18 14:02:19 | 000,002,006 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\urban-dictionary.xml
[2012.04.18 14:02:41 | 000,001,330 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wikipedia-en.xml
[2012.04.18 14:02:55 | 000,002,446 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wiktionary-de.xml
[2012.04.18 14:01:58 | 000,001,997 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\wolframalpha.xml
[2012.04.22 21:15:19 | 000,002,057 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\mozilla\firefox\profiles\m4f927su.default\searchplugins\youtube-videosuche.xml
[2012.10.13 15:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.13 15:10:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 01:20:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AE68D5B-3AD6-42B3-A1A7-304EE002046D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3992FE55-F80B-4794-AA86-7FF9206DA54C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E1A4B8-18E1-400D-85B6-74F40BA9D696}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6863DED-BCB9-4047-820F-43F1C596DE39}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{034c157c-b0f4-11de-9a1b-001f2991aeb0}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\AutoRun\command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\explore\Command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\open\Command - "" = ps.bat
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f530994e-ce03-11de-99bc-001f2991aeb0}\Shell\AutoRun\command - "" = G:\avira.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk - C:\Programme\InterVideo\DVD Check\DVDCheck.exe - (InterVideo Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\Hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= -  File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PMCLoader - hkey= - key= - C:\Programme\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH)
MsConfig - StartUpReg: PMCRemote - hkey= - key= - C:\Programme\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
MsConfig - StartUpReg: RemoTerm.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WatchDog - hkey= - key= - C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.14 21:44:04 | 000,000,000 | ---D | C] -- C:\Users\Roman\Desktop\Uni Sport FFM
[2012.10.13 15:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.12 13:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.10.12 13:29:28 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.10.03 17:48:48 | 000,000,000 | ---D | C] -- C:\Users\Roman\Documents\Villa Andreae-Dateien
[2012.09.21 14:19:05 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\elsterformular
[2012.09.21 14:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.09.21 14:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.09.21 14:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2012.09.19 21:32:10 | 000,000,000 | ---D | C] -- C:\Windows\QLB
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.15 20:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.15 19:25:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
[2012.10.15 19:25:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 18:21:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 18:21:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 14:22:17 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.15 14:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.15 14:21:25 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.15 14:18:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.13 20:25:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
[2012.10.12 13:34:06 | 000,051,718 | ---- | M] () -- C:\Users\Roman\Documents\Studienbescheinigung FFM_WS 2012.pdf
[2012.10.12 13:19:37 | 001,358,815 | ---- | M] () -- C:\Users\Roman\Documents\Studienbescheinigung FFM_WS 2012.jpg
[2012.10.03 17:48:59 | 000,195,120 | ---- | M] () -- C:\Users\Roman\Documents\Villa Andreae.htm
[2012.10.02 18:23:15 | 000,695,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.02 18:23:15 | 000,651,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.02 18:23:15 | 000,154,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.02 18:23:15 | 000,125,532 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.21 14:17:55 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.09.21 12:00:45 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.09.21 12:00:45 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.09.21 12:00:33 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
 
========== Files Created - No Company Name ==========
 
[2012.10.12 13:32:00 | 000,051,718 | ---- | C] () -- C:\Users\Roman\Documents\Studienbescheinigung FFM_WS 2012.pdf
[2012.10.12 13:19:36 | 001,358,815 | ---- | C] () -- C:\Users\Roman\Documents\Studienbescheinigung FFM_WS 2012.jpg
[2012.10.03 17:48:48 | 000,195,120 | ---- | C] () -- C:\Users\Roman\Documents\Villa Andreae.htm
[2012.09.21 14:17:55 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.09.21 12:00:33 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.08.02 14:19:21 | 000,000,218 | ---- | C] () -- C:\Users\Roman\.recently-used.xbel
[2012.08.02 14:19:18 | 000,000,314 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\psppirerc
[2012.03.26 23:22:05 | 000,000,093 | ---- | C] () -- C:\Users\Roman\AppData\Local\fusioncache.dat
[2012.03.26 23:22:00 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2012.03.26 23:22:00 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2012.03.26 23:21:59 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2012.03.26 23:21:59 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2012.03.26 23:21:59 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011.11.06 22:08:42 | 000,278,386 | ---- | C] () -- C:\Users\Roman\AppData\Local\census.cache
[2011.11.06 22:08:14 | 000,201,735 | ---- | C] () -- C:\Users\Roman\AppData\Local\ars.cache
[2011.11.06 21:57:45 | 000,000,036 | ---- | C] () -- C:\Users\Roman\AppData\Local\housecall.guid.cache
[2011.10.18 21:19:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.06 22:59:20 | 000,078,210 | ---- | C] () -- C:\Windows\hpqins05.dat
[2011.01.06 15:15:07 | 000,214,743 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010.01.18 21:49:03 | 000,024,206 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\UserTile.png
[2009.12.29 14:42:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.18 16:56:53 | 000,000,680 | ---- | C] () -- C:\Users\Roman\AppData\Local\d3d9caps.dat
[2008.08.31 23:15:11 | 000,038,442 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2008.08.31 21:23:24 | 000,038,437 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2008.08.28 20:20:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.27 20:07:43 | 000,211,968 | ---- | C] () -- C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.25 22:13:44 | 000,001,074 | RH-- | C] () -- C:\Users\Roman\XrxWm.ini
[2008.08.25 22:13:44 | 000,000,522 | RH-- | C] () -- C:\Users\Roman\xw45cpdy.dyc
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.15 14:24:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox
[2012.09.21 14:19:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\elsterformular
[2012.10.15 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\EndNote
[2011.06.09 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FileZilla
[2011.10.18 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreePDF
[2011.09.30 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\gtk-2.0
[2008.08.22 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett Packard
[2011.02.01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICAClient
[2009.02.25 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InterVideo
[2009.03.17 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2010.12.29 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Local
[2010.04.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\M-HTOEFL
[2008.08.31 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
[2008.08.31 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
[2010.01.18 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking
[2012.03.26 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Pinnacle
[2011.03.28 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\QuickScan
[2008.08.27 07:03:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\SampleView
[2011.03.14 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.03.01 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim
[2009.11.19 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim Demo
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.10 14:42:50 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Adobe
[2011.11.22 13:34:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Avira
[2010.03.22 13:53:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\DivX
[2012.10.15 14:24:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox
[2010.11.05 17:49:32 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\dvdcss
[2012.09.21 14:19:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\elsterformular
[2012.10.15 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\EndNote
[2011.06.09 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FileZilla
[2011.10.18 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreePDF
[2008.12.10 11:11:51 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\GTek
[2011.09.30 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\gtk-2.0
[2008.08.22 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett Packard
[2008.12.10 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett-Packard
[2009.12.13 22:59:30 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\HP
[2011.03.29 20:18:31 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\HpUpdate
[2011.02.01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICAClient
[2008.08.22 13:37:48 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Identities
[2008.08.22 13:27:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InstallShield
[2012.03.26 23:19:54 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InstallShield Installation Information
[2009.02.25 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InterVideo
[2009.03.17 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2010.12.29 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Local
[2010.04.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\M-HTOEFL
[2008.08.22 13:37:28 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Macromedia
[2009.08.31 09:14:09 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Macrovision
[2011.11.07 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Malwarebytes
[2011.01.26 00:53:16 | 000,000,000 | --SD | M] -- C:\Users\Roman\AppData\Roaming\Microsoft
[2012.10.12 17:25:08 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Mozilla
[2008.08.31 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
[2008.08.31 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
[2010.01.18 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking
[2012.03.26 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Pinnacle
[2011.03.28 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\QuickScan
[2012.03.11 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Roxio
[2008.08.27 07:03:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\SampleView
[2012.09.21 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Skype
[2010.11.28 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\skypePM
[2011.03.14 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.03.01 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim
[2009.11.19 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim Demo
[2012.08.15 16:40:19 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2007.02.15 14:32:38 | 000,114,176 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Roman\AppData\Roaming\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\setup.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_00A2B159EC25728DD0F170.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_0F16B68AE7780754B68FFC.exe
[2011.11.16 17:41:18 | 000,045,126 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_6FEFF9B68218417F98F549.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\ARPICON.80486C74_ABED_4227_AF5C_9B1791CFA89C.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
[2011.01.26 00:53:16 | 000,038,480 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Icon80951CEC.exe.C76E2E86_AE54_4AF5_997C_63EBB83C7651.exe
[2011.01.26 00:53:16 | 000,026,192 | R--- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Installer\{C49067A8-8212-4A82-A4D9-1519701644F0}\Iconlights.ico.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.12.14 02:32:14 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.12.14 02:32:15 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.12.14 02:32:15 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.22 16:49:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.08.22 16:49:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.08.22 16:49:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\SwSetup\Drivers\32\HDD\iastor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007.03.21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.12.14 10:42:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.12.14 10:42:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.09.21 12:00:33 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.09.21 12:00:33 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2008.01.19 09:34:21 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<          >
[2006.11.02 15:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:23 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.08.22 17:16:07 | 000,000,418 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC3E9DAD-3CAE-4881-A6FF-68E7ACDA3A43}.job
[2009.11.30 22:19:22 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.11.30 22:19:23 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.07.15 22:06:29 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
[2010.07.15 22:06:30 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
[2012.04.12 15:45:56 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >


Neue Erkenntnisse? :confused: What's next?


Danke und auf Bald!

cosinus 16.10.2012 11:33
DU musst hier nicht bei jedem Post nachfragen wie es weitergeht! Ich poste schon etwas nachdem ich das Log gesehen habe

Mach einen OTL-Fix, beende dazu alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
:Files
C:\Users\Roman\XrxWm.ini
C:\Users\Roman\xw45cpdy.dyc
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Seprom 16.10.2012 13:45
Meine wiederholten Äußerungen hinsichtlich des weiteren Verfahrens sind mir auch schon aufgestoßen. Ich habe dies aber schlicht als eine Geste der Höflichkeit angesehen und empfand es als deutlich besser, als eben nichts zu schreiben. In jedem Fall aber kann ich der "neuen Effizienz" Vorteile abgewinnen und will das nun so, wie von Dir vorgeschlagen handhaben. In jedem Fall guter Einwurf!

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Users\Roman\XrxWm.ini moved successfully.
C:\Users\Roman\xw45cpdy.dyc moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Roman\Downloads\cmd.bat deleted successfully.
C:\Users\Roman\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Roman
->Temp folder emptied: 328432084 bytes
->Temporary Internet Files folder emptied: 67680029 bytes
->Java cache emptied: 14223181 bytes
->FireFox cache emptied: 818733698 bytes
->Google Chrome cache emptied: 84019836 bytes
->Flash cache emptied: 18075 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158436990 bytes
RecycleBin emptied: 114021354 bytes
 
Total Files Cleaned = 1.512,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10162012_141627

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 17.10.2012 11:47
Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Seprom 17.10.2012 12:27
BESCHEID! Zip-Ordner ist hochgeladen.

cosinus 17.10.2012 15:54
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Seprom 18.10.2012 14:02
Hat 10 Threads gefunden. Hab alle geskippt.

Code:
14:57:52.0926 2600  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:57:53.0176 2600  ============================================================
14:57:53.0176 2600  Current date / time: 2012/10/18 14:57:53.0176
14:57:53.0176 2600  SystemInfo:
14:57:53.0176 2600 
14:57:53.0176 2600  OS Version: 6.0.6002 ServicePack: 2.0
14:57:53.0176 2600  Product type: Workstation
14:57:53.0176 2600  ComputerName: 6720S-RV
14:57:53.0176 2600  UserName: Roman
14:57:53.0176 2600  Windows directory: C:\Windows
14:57:53.0176 2600  System windows directory: C:\Windows
14:57:53.0176 2600  Processor architecture: Intel x86
14:57:53.0176 2600  Number of processors: 2
14:57:53.0176 2600  Page size: 0x1000
14:57:53.0176 2600  Boot type: Normal boot
14:57:53.0176 2600  ============================================================
14:57:54.0362 2600  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:57:54.0424 2600  ============================================================
14:57:54.0424 2600  \Device\Harddisk0\DR0:
14:57:54.0440 2600  MBR partitions:
14:57:54.0440 2600  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCC917C1
14:57:54.0440 2600  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCC91800, BlocksNum 0xFE6000
14:57:54.0440 2600  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDC79800, BlocksNum 0x31A800
14:57:54.0440 2600  ============================================================
14:57:54.0455 2600  C: <-> \Device\Harddisk0\DR0\Partition1
14:57:54.0549 2600  E: <-> \Device\Harddisk0\DR0\Partition3
14:57:54.0627 2600  F: <-> \Device\Harddisk0\DR0\Partition2
14:57:54.0689 2600  ============================================================
14:57:54.0689 2600  Initialize success
14:57:54.0689 2600  ============================================================
14:58:07.0497 4988  ============================================================
14:58:07.0497 4988  Scan started
14:58:07.0497 4988  Mode: Manual; SigCheck; TDLFS;
14:58:07.0497 4988  ============================================================
14:58:08.0168 4988  ================ Scan system memory ========================
14:58:08.0168 4988  System memory - ok
14:58:08.0168 4988  ================ Scan services =============================
14:58:08.0402 4988  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:58:08.0620 4988  ACPI - ok
14:58:08.0667 4988  [ FB9ECE3F7B8A03E474E611031AD4CD23 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
14:58:08.0948 4988  ADIHdAudAddService - ok
14:58:09.0119 4988  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:58:09.0150 4988  AdobeARMservice - ok
14:58:09.0244 4988  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:58:09.0275 4988  AdobeFlashPlayerUpdateSvc - ok
14:58:09.0338 4988  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
14:58:09.0416 4988  adp94xx - ok
14:58:09.0431 4988  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci        C:\Windows\system32\drivers\adpahci.sys
14:58:09.0447 4988  adpahci - ok
14:58:09.0462 4988  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:58:09.0478 4988  adpu160m - ok
14:58:09.0509 4988  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320        C:\Windows\system32\drivers\adpu320.sys
14:58:09.0525 4988  adpu320 - ok
14:58:09.0572 4988  [ 12D23758621B00B8D3134095EC3325FD ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
14:58:09.0650 4988  AEADIFilters - ok
14:58:09.0681 4988  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
14:58:09.0790 4988  AeLookupSvc - ok
14:58:09.0868 4988  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
14:58:09.0930 4988  AFD - ok
14:58:09.0977 4988  [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
14:58:10.0024 4988  AgereModemAudio - ok
14:58:10.0102 4988  [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
14:58:10.0289 4988  AgereSoftModem - ok
14:58:10.0367 4988  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:58:10.0398 4988  agp440 - ok
14:58:10.0445 4988  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
14:58:10.0476 4988  aic78xx - ok
14:58:10.0508 4988  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
14:58:10.0695 4988  ALG - ok
14:58:10.0710 4988  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:58:10.0742 4988  aliide - ok
14:58:10.0788 4988  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:58:10.0804 4988  amdagp - ok
14:58:10.0835 4988  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
14:58:10.0882 4988  amdide - ok
14:58:10.0913 4988  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
14:58:11.0132 4988  AmdK7 - ok
14:58:11.0163 4988  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
14:58:11.0241 4988  AmdK8 - ok
14:58:11.0319 4988  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:58:11.0350 4988  AntiVirSchedulerService - ok
14:58:11.0366 4988  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:58:11.0381 4988  AntiVirService - ok
14:58:11.0444 4988  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
14:58:11.0490 4988  Appinfo - ok
14:58:11.0537 4988  [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt        C:\Windows\System32\appmgmts.dll
14:58:11.0584 4988  AppMgmt - ok
14:58:11.0631 4988  [ 5F673180268BB1FDB69C99B6619FE379 ] arc            C:\Windows\system32\drivers\arc.sys
14:58:11.0646 4988  arc - ok
14:58:11.0678 4988  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:58:11.0693 4988  arcsas - ok
14:58:11.0740 4988  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:58:11.0787 4988  AsyncMac - ok
14:58:11.0818 4988  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
14:58:11.0834 4988  atapi - ok
14:58:11.0927 4988  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:58:11.0958 4988  AudioEndpointBuilder - ok
14:58:11.0974 4988  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:58:12.0005 4988  Audiosrv - ok
14:58:12.0036 4988  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:58:12.0068 4988  avgntflt - ok
14:58:12.0083 4988  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:58:12.0099 4988  avipbb - ok
14:58:12.0130 4988  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:58:12.0146 4988  avkmgr - ok
14:58:12.0224 4988  [ 0A5E8178EFF1D8F109A95235AEB7D76F ] azvusb          C:\Windows\system32\DRIVERS\azvusb.sys
14:58:12.0270 4988  azvusb - ok
14:58:12.0333 4988  [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV        C:\Windows\system32\DRIVERS\bcmwl6.sys
14:58:12.0395 4988  BCM43XV - ok
14:58:12.0411 4988  [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
14:58:12.0489 4988  bcm4sbxp - ok
14:58:12.0551 4988  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
14:58:12.0567 4988  BcmSqlStartupSvc - ok
14:58:12.0598 4988  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:58:12.0645 4988  Beep - ok
14:58:12.0692 4988  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
14:58:12.0738 4988  BFE - ok
14:58:12.0816 4988  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
14:58:12.0941 4988  BITS - ok
14:58:12.0957 4988  blbdrive - ok
14:58:13.0019 4988  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:58:13.0082 4988  bowser - ok
14:58:13.0113 4988  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:58:13.0160 4988  BrFiltLo - ok
14:58:13.0175 4988  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:58:13.0206 4988  BrFiltUp - ok
14:58:13.0238 4988  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
14:58:13.0316 4988  Browser - ok
14:58:13.0347 4988  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
14:58:13.0409 4988  Brserid - ok
14:58:13.0440 4988  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:58:13.0518 4988  BrSerWdm - ok
14:58:13.0534 4988  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:58:13.0612 4988  BrUsbMdm - ok
14:58:13.0659 4988  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:58:13.0721 4988  BrUsbSer - ok
14:58:13.0752 4988  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
14:58:13.0799 4988  BthEnum - ok
14:58:13.0830 4988  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:58:13.0877 4988  BTHMODEM - ok
14:58:13.0893 4988  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:58:13.0955 4988  BthPan - ok
14:58:14.0018 4988  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
14:58:14.0096 4988  BTHPORT - ok
14:58:14.0158 4988  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ        C:\Windows\System32\bthserv.dll
14:58:14.0205 4988  BthServ - ok
14:58:14.0236 4988  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
14:58:14.0283 4988  BTHUSB - ok
14:58:14.0408 4988  [ 636F45A8500C1438CFA7DEE15FC5C184 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
14:58:14.0454 4988  btwaudio - ok
14:58:14.0501 4988  [ BF9256FF01B093A5D90BB7A35EC90410 ] btwavdt        C:\Windows\system32\drivers\btwavdt.sys
14:58:14.0548 4988  btwavdt - ok
14:58:14.0579 4988  [ 0AB8C1AC177AFB27309E1072FAF34A37 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
14:58:14.0595 4988  btwrchid - ok
14:58:14.0642 4988  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:58:14.0688 4988  cdfs - ok
14:58:14.0751 4988  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
14:58:14.0829 4988  cdrom - ok
14:58:14.0876 4988  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
14:58:14.0922 4988  CertPropSvc - ok
14:58:14.0969 4988  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:58:15.0032 4988  circlass - ok
14:58:15.0063 4988  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
14:58:15.0078 4988  CLFS - ok
14:58:15.0188 4988  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:58:15.0219 4988  clr_optimization_v2.0.50727_32 - ok
14:58:15.0266 4988  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:58:15.0281 4988  clr_optimization_v4.0.30319_32 - ok
14:58:15.0328 4988  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:58:15.0359 4988  CmBatt - ok
14:58:15.0390 4988  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:58:15.0406 4988  cmdide - ok
14:58:15.0484 4988  [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
14:58:15.0531 4988  Com4QLBEx - ok
14:58:15.0562 4988  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:58:15.0578 4988  Compbatt - ok
14:58:15.0578 4988  COMSysApp - ok
14:58:15.0624 4988  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
14:58:15.0640 4988  crcdisk - ok
14:58:15.0656 4988  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
14:58:15.0749 4988  Crusoe - ok
14:58:15.0812 4988  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:58:15.0858 4988  CryptSvc - ok
14:58:15.0905 4988  [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC            C:\Windows\system32\drivers\csc.sys
14:58:15.0952 4988  CSC - ok
14:58:16.0030 4988  [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService      C:\Windows\System32\cscsvc.dll
14:58:16.0108 4988  CscService - ok
14:58:16.0155 4988  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
14:58:16.0202 4988  CVirtA - ok
14:58:16.0233 4988  [ 5D5984255A4BFAA4262FB750DF7CD537 ] DAMDrv          C:\Windows\system32\DRIVERS\DAMDrv.sys
14:58:16.0295 4988  DAMDrv ( UnsignedFile.Multi.Generic ) - warning
14:58:16.0295 4988  DAMDrv - detected UnsignedFile.Multi.Generic (1)
14:58:16.0373 4988  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:58:16.0482 4988  DcomLaunch - ok
14:58:16.0576 4988  [ 3B604417EBAE4E1E66E6ABD8CC55FD76 ] DCService.exe  C:\ProgramData\DatacardService\DCService.exe
14:58:16.0592 4988  DCService.exe ( UnsignedFile.Multi.Generic ) - warning
14:58:16.0592 4988  DCService.exe - detected UnsignedFile.Multi.Generic (1)
14:58:16.0623 4988  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:58:16.0670 4988  DfsC - ok
14:58:16.0810 4988  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
14:58:17.0044 4988  DFSR - ok
14:58:17.0106 4988  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:58:17.0169 4988  Dhcp - ok
14:58:17.0216 4988  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
14:58:17.0247 4988  disk - ok
14:58:17.0294 4988  [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE            C:\Windows\system32\DRIVERS\dne2000.sys
14:58:17.0340 4988  DNE - ok
14:58:17.0387 4988  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:58:17.0450 4988  Dnscache - ok
14:58:17.0496 4988  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
14:58:17.0590 4988  dot3svc - ok
14:58:17.0637 4988  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
14:58:17.0730 4988  Dot4 - ok
14:58:17.0762 4988  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print      C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:58:17.0824 4988  Dot4Print - ok
14:58:17.0871 4988  [ C55004CA6B419B6695970DFE849B122F ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
14:58:17.0949 4988  dot4usb - ok
14:58:17.0980 4988  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
14:58:18.0074 4988  DPS - ok
14:58:18.0120 4988  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
14:58:18.0183 4988  drmkaud - ok
14:58:18.0323 4988  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
14:58:18.0417 4988  DXGKrnl - ok
14:58:18.0464 4988  [ ABFD0739BDA1A9295B872A4B27326B9C ] e1express      C:\Windows\system32\DRIVERS\e1e6032.sys
14:58:18.0495 4988  e1express - ok
14:58:18.0557 4988  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
14:58:18.0682 4988  E1G60 - ok
14:58:18.0760 4988  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
14:58:18.0791 4988  EapHost - ok
14:58:18.0822 4988  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:58:18.0838 4988  Ecache - ok
14:58:18.0885 4988  [ E8F3F21A71720C84BCF423B80028359F ] elxstor        C:\Windows\system32\drivers\elxstor.sys
14:58:18.0900 4988  elxstor - ok
14:58:19.0056 4988  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
14:58:19.0181 4988  EMDMgmt - ok
14:58:19.0290 4988  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
14:58:19.0368 4988  EventSystem - ok
14:58:19.0415 4988  [ E1556AF3FB0284C32896B9AC8494D9C2 ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
14:58:19.0478 4988  ewusbnet - ok
14:58:19.0524 4988  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev    C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
14:58:19.0571 4988  ew_hwusbdev - ok
14:58:19.0665 4988  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
14:58:19.0727 4988  exfat - ok
14:58:19.0758 4988  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
14:58:19.0790 4988  fastfat - ok
14:58:19.0836 4988  [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax            C:\Windows\system32\fxssvc.exe
14:58:19.0914 4988  Fax - ok
14:58:19.0946 4988  [ 63BDADA84951B9C03E641800E176898A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
14:58:20.0008 4988  fdc - ok
14:58:20.0024 4988  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
14:58:20.0086 4988  fdPHost - ok
14:58:20.0117 4988  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:58:20.0195 4988  FDResPub - ok
14:58:20.0211 4988  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:58:20.0226 4988  FileInfo - ok
14:58:20.0258 4988  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
14:58:20.0336 4988  Filetrace - ok
14:58:20.0367 4988  [ 224138E0CCDF7CE3281298473F6FD1D2 ] FLCDLOCK        C:\Windows\system32\flcdlock.exe
14:58:20.0398 4988  FLCDLOCK ( UnsignedFile.Multi.Generic ) - warning
14:58:20.0398 4988  FLCDLOCK - detected UnsignedFile.Multi.Generic (1)
14:58:20.0429 4988  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:58:20.0492 4988  flpydisk - ok
14:58:20.0538 4988  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:58:20.0554 4988  FltMgr - ok
14:58:20.0679 4988  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
14:58:20.0726 4988  FontCache - ok
14:58:20.0866 4988  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:58:20.0897 4988  FontCache3.0.0.0 - ok
14:58:20.0913 4988  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:58:20.0960 4988  Fs_Rec - ok
14:58:20.0991 4988  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:58:21.0006 4988  gagp30kx - ok
14:58:21.0131 4988  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
14:58:21.0194 4988  gpsvc - ok
14:58:21.0256 4988  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:21.0272 4988  gupdate - ok
14:58:21.0287 4988  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:58:21.0303 4988  gupdatem - ok
14:58:21.0365 4988  [ C1B577B2169900F4CF7190C39F085794 ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:58:21.0381 4988  gusvc - ok
14:58:21.0412 4988  [ 93AEE3434935FC2F805FEFD8DC5ED1B4 ] HBtnKey        C:\Windows\system32\DRIVERS\cpqbttn.sys
14:58:21.0428 4988  HBtnKey - ok
14:58:21.0459 4988  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:58:21.0537 4988  HdAudAddService - ok
14:58:21.0677 4988  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:58:21.0755 4988  HDAudBus - ok
14:58:21.0771 4988  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:58:21.0911 4988  HidBth - ok
14:58:21.0942 4988  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
14:58:22.0052 4988  HidIr - ok
14:58:22.0083 4988  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
14:58:22.0114 4988  hidserv - ok
14:58:22.0161 4988  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:58:22.0192 4988  HidUsb - ok
14:58:22.0223 4988  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:58:22.0270 4988  hkmsvc - ok
14:58:22.0317 4988  [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
14:58:22.0317 4988  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
14:58:22.0317 4988  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
14:58:22.0348 4988  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
14:58:22.0364 4988  HpCISSs - ok
14:58:22.0535 4988  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:58:22.0582 4988  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:58:22.0582 4988  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:58:22.0629 4988  [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:58:22.0644 4988  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:58:22.0644 4988  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:58:22.0707 4988  [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:58:22.0754 4988  HpqKbFiltr - ok
14:58:22.0863 4988  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
14:58:22.0910 4988  hpqwmiex - ok
14:58:22.0988 4988  [ 14229263AA19C704E0D6D2E7404A8455 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
14:58:23.0034 4988  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:58:23.0034 4988  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:58:23.0081 4988  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:58:23.0159 4988  HSFHWAZL - ok
14:58:23.0362 4988  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV        C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:58:23.0502 4988  HSF_DPV - ok
14:58:23.0565 4988  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:58:23.0674 4988  HTTP - ok
14:58:23.0705 4988  [ 92548543D50C9BCCDB31FFB7EC39249D ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
14:58:23.0752 4988  huawei_enumerator - ok
14:58:23.0768 4988  [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:58:23.0814 4988  hwdatacard - ok
14:58:23.0861 4988  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
14:58:23.0877 4988  i2omp - ok
14:58:23.0924 4988  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:58:23.0955 4988  i8042prt - ok
14:58:23.0986 4988  [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor          C:\Windows\system32\drivers\iastor.sys
14:58:24.0002 4988  iaStor - ok
14:58:24.0080 4988  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
14:58:24.0111 4988  iaStorV - ok
14:58:24.0173 4988  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:58:24.0220 4988  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:58:24.0220 4988  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:58:24.0376 4988  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:58:24.0516 4988  idsvc - ok
14:58:24.0641 4988  [ BBACE0293B73BF8C7CB591F2D06F26FA ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:58:24.0813 4988  igfx - ok
14:58:24.0860 4988  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
14:58:24.0891 4988  iirsp - ok
14:58:24.0938 4988  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:58:25.0031 4988  IKEEXT - ok
14:58:25.0062 4988  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:58:25.0062 4988  intelide - ok
14:58:25.0094 4988  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:58:25.0140 4988  intelppm - ok
14:58:25.0172 4988  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
14:58:25.0187 4988  IPBusEnum - ok
14:58:25.0218 4988  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:58:25.0265 4988  IpFilterDriver - ok
14:58:25.0296 4988  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:58:25.0343 4988  iphlpsvc - ok
14:58:25.0343 4988  IpInIp - ok
14:58:25.0374 4988  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
14:58:25.0421 4988  IPMIDRV - ok
14:58:25.0468 4988  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
14:58:25.0499 4988  IPNAT - ok
14:58:25.0530 4988  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:58:25.0577 4988  IRENUM - ok
14:58:25.0608 4988  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:58:25.0608 4988  isapnp - ok
14:58:25.0655 4988  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:58:25.0671 4988  iScsiPrt - ok
14:58:25.0686 4988  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:58:25.0702 4988  iteatapi - ok
14:58:25.0718 4988  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
14:58:25.0733 4988  iteraid - ok
14:58:25.0796 4988  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr      C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:58:25.0811 4988  IviRegMgr - ok
14:58:25.0827 4988  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:58:25.0842 4988  kbdclass - ok
14:58:25.0858 4988  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:58:25.0905 4988  kbdhid - ok
14:58:25.0936 4988  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
14:58:25.0983 4988  KeyIso - ok
14:58:26.0014 4988  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
14:58:26.0061 4988  KMWDFILTER - ok
14:58:26.0108 4988  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:58:26.0170 4988  KSecDD - ok
14:58:26.0201 4988  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
14:58:26.0248 4988  KtmRm - ok
14:58:26.0279 4988  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:58:26.0357 4988  LanmanServer - ok
14:58:26.0404 4988  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:58:26.0451 4988  LanmanWorkstation - ok
14:58:26.0498 4988  [ 31D8B705DCD5F2366186E731F87C7A71 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:58:26.0513 4988  LightScribeService - ok
14:58:26.0544 4988  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:58:26.0607 4988  lltdio - ok
14:58:26.0638 4988  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
14:58:26.0685 4988  lltdsvc - ok
14:58:26.0716 4988  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
14:58:26.0778 4988  lmhosts - ok
14:58:26.0825 4988  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:58:26.0841 4988  LSI_FC - ok
14:58:26.0856 4988  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
14:58:26.0872 4988  LSI_SAS - ok
14:58:26.0888 4988  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:58:26.0903 4988  LSI_SCSI - ok
14:58:26.0934 4988  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
14:58:26.0966 4988  luafv - ok
14:58:27.0012 4988  [ CBF0BF6AF73A704211BBB52EFACAA8A0 ] lvpopflt        C:\Windows\system32\DRIVERS\lvpopflt.sys
14:58:27.0028 4988  lvpopflt - ok
14:58:27.0106 4988  [ 6917B407DBEC11B3A078ABFC2EC2AC7C ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
14:58:27.0122 4988  LVRS - ok
14:58:27.0153 4988  [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta        C:\Windows\system32\drivers\LVUSBSta.sys
14:58:27.0168 4988  LVUSBSta - ok
14:58:27.0356 4988  [ 44876E70E07E9A653BBE423DBFA35A1A ] LVUVC          C:\Windows\system32\DRIVERS\lvuvc.sys
14:58:27.0792 4988  LVUVC - ok
14:58:27.0870 4988  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
14:58:27.0886 4988  MBAMProtector - ok
14:58:27.0917 4988  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:58:27.0933 4988  MBAMScheduler - ok
14:58:27.0964 4988  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:58:28.0011 4988  MBAMService - ok
14:58:28.0073 4988  [ D153B14FC6598EAE8422A2037553ADCE ] megasas        C:\Windows\system32\drivers\megasas.sys
14:58:28.0073 4988  megasas - ok
14:58:28.0120 4988  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
14:58:28.0167 4988  MMCSS - ok
14:58:28.0198 4988  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
14:58:28.0229 4988  Modem - ok
14:58:28.0260 4988  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
14:58:28.0307 4988  monitor - ok
14:58:28.0338 4988  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:58:28.0354 4988  mouclass - ok
14:58:28.0370 4988  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:58:28.0432 4988  mouhid - ok
14:58:28.0463 4988  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:58:28.0494 4988  MountMgr - ok
14:58:28.0572 4988  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:58:28.0604 4988  MozillaMaintenance - ok
14:58:28.0635 4988  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:58:28.0666 4988  mpio - ok
14:58:28.0697 4988  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:58:28.0760 4988  mpsdrv - ok
14:58:28.0791 4988  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:58:28.0884 4988  MpsSvc - ok
14:58:28.0916 4988  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:58:28.0931 4988  Mraid35x - ok
14:58:28.0962 4988  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:58:28.0994 4988  MRxDAV - ok
14:58:29.0025 4988  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:58:29.0072 4988  mrxsmb - ok
14:58:29.0118 4988  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:58:29.0134 4988  mrxsmb10 - ok
14:58:29.0150 4988  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:58:29.0196 4988  mrxsmb20 - ok
14:58:29.0228 4988  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:58:29.0243 4988  msahci - ok
14:58:29.0274 4988  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
14:58:29.0290 4988  msdsm - ok
14:58:29.0321 4988  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
14:58:29.0368 4988  MSDTC - ok
14:58:29.0399 4988  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:58:29.0446 4988  Msfs - ok
14:58:29.0477 4988  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:58:29.0493 4988  msisadrv - ok
14:58:29.0524 4988  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
14:58:29.0571 4988  MSiSCSI - ok
14:58:29.0586 4988  msiserver - ok
14:58:29.0618 4988  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
14:58:29.0649 4988  MSKSSRV - ok
14:58:29.0680 4988  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:58:29.0727 4988  MSPCLOCK - ok
14:58:29.0742 4988  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
14:58:29.0789 4988  MSPQM - ok
14:58:29.0820 4988  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
14:58:29.0836 4988  MsRPC - ok
14:58:29.0867 4988  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:58:29.0883 4988  mssmbios - ok
14:58:29.0945 4988  MSSQL$MSSMLBIZ - ok
14:58:29.0976 4988  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:58:29.0976 4988  MSSQLServerADHelper - ok
14:58:30.0008 4988  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
14:58:30.0054 4988  MSTEE - ok
14:58:30.0086 4988  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
14:58:30.0101 4988  Mup - ok
14:58:30.0132 4988  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
14:58:30.0179 4988  napagent - ok
14:58:30.0242 4988  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
14:58:30.0257 4988  NativeWifiP - ok
14:58:30.0288 4988  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:58:30.0320 4988  NDIS - ok
14:58:30.0366 4988  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:58:30.0413 4988  NdisTapi - ok
14:58:30.0444 4988  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
14:58:30.0476 4988  Ndisuio - ok
14:58:30.0507 4988  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
14:58:30.0538 4988  NdisWan - ok
14:58:30.0554 4988  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
14:58:30.0616 4988  NDProxy - ok
14:58:30.0647 4988  [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:58:30.0647 4988  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:58:30.0647 4988  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:58:30.0678 4988  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
14:58:30.0725 4988  NetBIOS - ok
14:58:30.0756 4988  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
14:58:30.0803 4988  netbt - ok
14:58:30.0819 4988  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
14:58:30.0850 4988  Netlogon - ok
14:58:30.0866 4988  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
14:58:30.0912 4988  Netman - ok
14:58:30.0944 4988  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
14:58:31.0006 4988  netprofm - ok
14:58:31.0037 4988  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:58:31.0053 4988  NetTcpPortSharing - ok
14:58:31.0131 4988  [ 25ACCCFC33DD448B9D3037C5E439E830 ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
14:58:31.0334 4988  NETw4v32 - ok
14:58:31.0490 4988  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
14:58:31.0755 4988  NETw5v32 - ok
14:58:31.0802 4988  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
14:58:31.0833 4988  nfrd960 - ok
14:58:31.0880 4988  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:58:31.0942 4988  NlaSvc - ok
14:58:31.0973 4988  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:58:31.0989 4988  Npfs - ok
14:58:32.0020 4988  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
14:58:32.0098 4988  nsi - ok
14:58:32.0129 4988  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:58:32.0160 4988  nsiproxy - ok
14:58:32.0207 4988  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:58:32.0316 4988  Ntfs - ok
14:58:32.0363 4988  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
14:58:32.0410 4988  ntrigdigi - ok
14:58:32.0426 4988  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
14:58:32.0472 4988  Null - ok
14:58:32.0504 4988  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:58:32.0519 4988  nvraid - ok
14:58:32.0535 4988  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:58:32.0550 4988  nvstor - ok
14:58:32.0582 4988  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:58:32.0597 4988  nv_agp - ok
14:58:32.0597 4988  NwlnkFlt - ok
14:58:32.0597 4988  NwlnkFwd - ok
14:58:32.0706 4988  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:58:32.0738 4988  odserv - ok
14:58:32.0784 4988  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
14:58:32.0862 4988  ohci1394 - ok
14:58:32.0909 4988  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:58:32.0925 4988  ose - ok
14:58:32.0987 4988  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:58:33.0081 4988  p2pimsvc - ok
14:58:33.0112 4988  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:58:33.0143 4988  p2psvc - ok
14:58:33.0206 4988  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
14:58:33.0268 4988  Parport - ok
14:58:33.0299 4988  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
14:58:33.0315 4988  partmgr - ok
14:58:33.0330 4988  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
14:58:33.0377 4988  Parvdm - ok
14:58:33.0393 4988  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:58:33.0455 4988  PcaSvc - ok
14:58:33.0471 4988  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
14:58:33.0486 4988  pci - ok
14:58:33.0518 4988  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
14:58:33.0533 4988  pciide - ok
14:58:33.0596 4988  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:58:33.0611 4988  pcmcia - ok
14:58:33.0658 4988  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:58:33.0752 4988  PEAUTH - ok
14:58:33.0798 4988  [ 3551190E9CF1EB4C0971BDEF4269CA25 ] PID_0928        C:\Windows\system32\DRIVERS\LV561AV.SYS
14:58:33.0845 4988  PID_0928 - ok
14:58:33.0908 4988  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
14:58:34.0032 4988  pla - ok
14:58:34.0064 4988  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:58:34.0110 4988  PlugPlay - ok
14:58:34.0188 4988  [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:58:34.0204 4988  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:58:34.0204 4988  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:58:34.0251 4988  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
14:58:34.0282 4988  PNRPAutoReg - ok
14:58:34.0329 4988  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
14:58:34.0376 4988  PNRPsvc - ok
14:58:34.0422 4988  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
14:58:34.0500 4988  PolicyAgent - ok
14:58:34.0547 4988  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:58:34.0594 4988  PptpMiniport - ok
14:58:34.0625 4988  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor      C:\Windows\system32\drivers\processr.sys
14:58:34.0703 4988  Processor - ok
14:58:34.0734 4988  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
14:58:34.0781 4988  ProfSvc - ok
14:58:34.0812 4988  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:58:34.0828 4988  ProtectedStorage - ok
14:58:34.0844 4988  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:58:34.0890 4988  PSched - ok
14:58:34.0922 4988  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:58:34.0937 4988  PxHelp20 - ok
14:58:35.0000 4988  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:58:35.0062 4988  ql2300 - ok
14:58:35.0093 4988  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:58:35.0109 4988  ql40xx - ok
14:58:35.0156 4988  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
14:58:35.0202 4988  QWAVE - ok
14:58:35.0234 4988  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:58:35.0280 4988  QWAVEdrv - ok
14:58:35.0374 4988  [ E642B131FB74CAF4BB8A014F31113142 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
14:58:35.0592 4988  R300 - ok
14:58:35.0639 4988  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:58:35.0686 4988  RasAcd - ok
14:58:35.0702 4988  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
14:58:35.0764 4988  RasAuto - ok
14:58:35.0795 4988  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
14:58:35.0842 4988  Rasl2tp - ok
14:58:35.0889 4988  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
14:58:35.0936 4988  RasMan - ok
14:58:35.0967 4988  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:58:36.0029 4988  RasPppoe - ok
14:58:36.0045 4988  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
14:58:36.0092 4988  RasSstp - ok
14:58:36.0123 4988  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
14:58:36.0170 4988  rdbss - ok
14:58:36.0185 4988  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:58:36.0232 4988  RDPCDD - ok
14:58:36.0263 4988  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr          C:\Windows\system32\DRIVERS\rdpdr.sys
14:58:36.0294 4988  rdpdr - ok
14:58:36.0294 4988  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:58:36.0326 4988  RDPENCDD - ok
14:58:36.0372 4988  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
14:58:36.0419 4988  RDPWD - ok
14:58:36.0450 4988  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:58:36.0513 4988  RemoteAccess - ok
14:58:36.0544 4988  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:58:36.0575 4988  RemoteRegistry - ok
14:58:36.0622 4988  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:58:36.0638 4988  RFCOMM - ok
14:58:36.0731 4988  [ 229933CE97A9421F5F1673A20473726F ] RoxMediaDB9    c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
14:58:36.0840 4988  RoxMediaDB9 - ok
14:58:36.0903 4988  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
14:58:36.0965 4988  RpcLocator - ok
14:58:37.0028 4988  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
14:58:37.0059 4988  RpcSs - ok
14:58:37.0090 4988  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:58:37.0152 4988  rspndr - ok
14:58:37.0184 4988  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
14:58:37.0199 4988  SamSs - ok
14:58:37.0230 4988  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:58:37.0246 4988  sbp2port - ok
14:58:37.0262 4988  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:58:37.0308 4988  SCardSvr - ok
14:58:37.0355 4988  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
14:58:37.0449 4988  Schedule - ok
14:58:37.0480 4988  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
14:58:37.0511 4988  SCPolicySvc - ok
14:58:37.0527 4988  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:58:37.0558 4988  SDRSVC - ok
14:58:37.0589 4988  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:58:37.0652 4988  secdrv - ok
14:58:37.0683 4988  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
14:58:37.0714 4988  seclogon - ok
14:58:37.0745 4988  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
14:58:37.0761 4988  SENS - ok
14:58:37.0792 4988  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
14:58:37.0839 4988  Serenum - ok
14:58:37.0854 4988  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
14:58:37.0901 4988  Serial - ok
14:58:37.0932 4988  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:58:37.0948 4988  sermouse - ok
14:58:37.0995 4988  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:58:38.0026 4988  SessionEnv - ok
14:58:38.0057 4988  [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
14:58:38.0073 4988  sffdisk - ok
14:58:38.0088 4988  [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:58:38.0104 4988  sffp_mmc - ok
14:58:38.0120 4988  [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
14:58:38.0135 4988  sffp_sd - ok
14:58:38.0151 4988  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
14:58:38.0198 4988  sfloppy - ok
14:58:38.0213 4988  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:58:38.0276 4988  SharedAccess - ok
14:58:38.0322 4988  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:58:38.0354 4988  ShellHWDetection - ok
14:58:38.0369 4988  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:58:38.0385 4988  sisagp - ok
14:58:38.0416 4988  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:58:38.0432 4988  SiSRaid2 - ok
14:58:38.0463 4988  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:58:38.0478 4988  SiSRaid4 - ok
14:58:38.0541 4988  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
14:58:38.0556 4988  SkypeUpdate - ok
14:58:38.0650 4988  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
14:58:38.0884 4988  slsvc - ok
14:58:38.0931 4988  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:58:38.0993 4988  SLUINotify - ok
14:58:39.0024 4988  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
14:58:39.0071 4988  Smb - ok
14:58:39.0118 4988  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:58:39.0165 4988  SNMPTRAP - ok
14:58:39.0180 4988  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
14:58:39.0212 4988  spldr - ok
14:58:39.0243 4988  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
14:58:39.0274 4988  Spooler - ok
14:58:39.0305 4988  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:58:39.0321 4988  SQLBrowser - ok
14:58:39.0336 4988  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter      c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:58:39.0368 4988  SQLWriter - ok
14:58:39.0399 4988  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
14:58:39.0461 4988  srv - ok
14:58:39.0492 4988  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:58:39.0539 4988  srv2 - ok
14:58:39.0570 4988  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:58:39.0617 4988  srvnet - ok
14:58:39.0648 4988  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
14:58:39.0680 4988  SSDPSRV - ok
14:58:39.0711 4988  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
14:58:39.0726 4988  ssmdrv - ok
14:58:39.0773 4988  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
14:58:39.0820 4988  SstpSvc - ok
14:58:39.0851 4988  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
14:58:39.0929 4988  stisvc - ok
14:58:39.0992 4988  [ E5FF667E416DAC99BFF16B626234A379 ] stllssvr        c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:58:40.0007 4988  stllssvr - ok
14:58:40.0054 4988  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:58:40.0070 4988  swenum - ok
14:58:40.0101 4988  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
14:58:40.0179 4988  swprv - ok
14:58:40.0210 4988  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
14:58:40.0241 4988  Symc8xx - ok
14:58:40.0257 4988  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:58:40.0288 4988  Sym_hi - ok
14:58:40.0288 4988  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:58:40.0319 4988  Sym_u3 - ok
14:58:40.0350 4988  [ F5D926807BD9BC0AF68F9376144DE425 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
14:58:40.0366 4988  SynTP - ok
14:58:40.0397 4988  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
14:58:40.0491 4988  SysMain - ok
14:58:40.0538 4988  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:58:40.0569 4988  TabletInputService - ok
14:58:40.0631 4988  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
14:58:40.0678 4988  TapiSrv - ok
14:58:40.0709 4988  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
14:58:40.0725 4988  TBS - ok
14:58:40.0772 4988  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
14:58:40.0818 4988  Tcpip - ok
14:58:40.0865 4988  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:58:40.0896 4988  Tcpip6 - ok
14:58:40.0974 4988  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:58:41.0006 4988  tcpipreg - ok
14:58:41.0021 4988  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:58:41.0052 4988  TDPIPE - ok
14:58:41.0084 4988  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
14:58:41.0130 4988  TDTCP - ok
14:58:41.0177 4988  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
14:58:41.0208 4988  tdx - ok
14:58:41.0349 4988  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
14:58:41.0520 4988  TeamViewer7 - ok
14:58:41.0552 4988  [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn  C:\Windows\system32\DRIVERS\teamviewervpn.sys
14:58:41.0598 4988  teamviewervpn - ok
14:58:41.0614 4988  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:58:41.0645 4988  TermDD - ok
14:58:41.0676 4988  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
14:58:41.0754 4988  TermService - ok
14:58:41.0786 4988  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
14:58:41.0801 4988  Themes - ok
14:58:41.0817 4988  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
14:58:41.0848 4988  THREADORDER - ok
14:58:41.0879 4988  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
14:58:41.0926 4988  TrkWks - ok
14:58:41.0973 4988  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:58:42.0004 4988  TrustedInstaller - ok
14:58:42.0051 4988  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:58:42.0082 4988  tssecsrv - ok
14:58:42.0113 4988  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
14:58:42.0144 4988  tunmp - ok
14:58:42.0191 4988  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:58:42.0238 4988  tunnel - ok
14:58:42.0269 4988  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:58:42.0285 4988  uagp35 - ok
14:58:42.0316 4988  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:58:42.0363 4988  udfs - ok
14:58:42.0410 4988  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
14:58:42.0441 4988  UI0Detect - ok
14:58:42.0456 4988  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:58:42.0472 4988  uliagpkx - ok
14:58:42.0503 4988  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci        C:\Windows\system32\drivers\uliahci.sys
14:58:42.0519 4988  uliahci - ok
14:58:42.0534 4988  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:58:42.0550 4988  UlSata - ok
14:58:42.0566 4988  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
14:58:42.0581 4988  ulsata2 - ok
14:58:42.0612 4988  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
14:58:42.0644 4988  umbus - ok
14:58:42.0659 4988  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:58:42.0690 4988  UmRdpService - ok
14:58:42.0737 4988  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
14:58:42.0768 4988  upnphost - ok
14:58:42.0831 4988  [ 9B01CE1EDA6AD1ACFD4F865D6CB0A790 ] USB28xxBGA      C:\Windows\system32\DRIVERS\emBDA.sys
14:58:42.0878 4988  USB28xxBGA - ok
14:58:42.0909 4988  [ C93E4F6BD1CBD163662E7C9BE021B895 ] USB28xxOEM      C:\Windows\system32\DRIVERS\emOEM.sys
14:58:42.0940 4988  USB28xxOEM - ok
14:58:42.0971 4988  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:58:43.0018 4988  usbaudio - ok
14:58:43.0049 4988  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
14:58:43.0080 4988  usbccgp - ok
14:58:43.0096 4988  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:58:43.0158 4988  usbcir - ok
14:58:43.0174 4988  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
14:58:43.0205 4988  usbehci - ok
14:58:43.0236 4988  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:58:43.0268 4988  usbhub - ok
14:58:43.0283 4988  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
14:58:43.0346 4988  usbohci - ok
14:58:43.0392 4988  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:58:43.0424 4988  usbprint - ok
14:58:43.0455 4988  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
14:58:43.0502 4988  usbscan - ok
14:58:43.0533 4988  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:58:43.0564 4988  USBSTOR - ok
14:58:43.0595 4988  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
14:58:43.0626 4988  usbuhci - ok
14:58:43.0673 4988  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:58:43.0704 4988  usbvideo - ok
14:58:43.0736 4988  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
14:58:43.0782 4988  UxSms - ok
14:58:43.0829 4988  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
14:58:43.0892 4988  vds - ok
14:58:43.0938 4988  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
14:58:44.0001 4988  vga - ok
14:58:44.0016 4988  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
14:58:44.0048 4988  VgaSave - ok
14:58:44.0063 4988  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:58:44.0079 4988  viaagp - ok
14:58:44.0094 4988  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7          C:\Windows\system32\drivers\viac7.sys
14:58:44.0157 4988  ViaC7 - ok
14:58:44.0188 4988  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
14:58:44.0188 4988  viaide - ok
14:58:44.0219 4988  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:58:44.0235 4988  volmgr - ok
14:58:44.0266 4988  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
14:58:44.0282 4988  volmgrx - ok
14:58:44.0313 4988  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
14:58:44.0344 4988  volsnap - ok
14:58:44.0360 4988  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
14:58:44.0375 4988  vsmraid - ok
14:58:44.0422 4988  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
14:58:44.0484 4988  VSS - ok
14:58:44.0531 4988  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
14:58:44.0578 4988  W32Time - ok
14:58:44.0609 4988  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:58:44.0687 4988  WacomPen - ok
14:58:44.0734 4988  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:58:44.0781 4988  Wanarp - ok
14:58:44.0796 4988  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:58:44.0812 4988  Wanarpv6 - ok
14:58:44.0859 4988  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
14:58:44.0968 4988  wbengine - ok
14:58:44.0999 4988  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
14:58:45.0062 4988  wcncsvc - ok
14:58:45.0108 4988  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:58:45.0140 4988  WcsPlugInService - ok
14:58:45.0171 4988  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
14:58:45.0171 4988  Wd - ok
14:58:45.0218 4988  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:58:45.0249 4988  Wdf01000 - ok
14:58:45.0280 4988  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:58:45.0311 4988  WdiServiceHost - ok
14:58:45.0327 4988  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
14:58:45.0358 4988  WdiSystemHost - ok
14:58:45.0374 4988  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
14:58:45.0405 4988  WebClient - ok
14:58:45.0452 4988  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:58:45.0514 4988  Wecsvc - ok
14:58:45.0530 4988  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
14:58:45.0576 4988  wercplsupport - ok
14:58:45.0608 4988  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:58:45.0639 4988  WerSvc - ok
14:58:45.0670 4988  [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr        C:\Windows\system32\DRIVERS\wimfltr.sys
14:58:45.0686 4988  WimFltr - ok
14:58:45.0732 4988  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:58:45.0826 4988  winachsf - ok
14:58:45.0857 4988  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
14:58:45.0888 4988  WinDefend - ok
14:58:45.0888 4988  WinHttpAutoProxySvc - ok
14:58:45.0920 4988  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
14:58:45.0951 4988  Winmgmt - ok
14:58:46.0029 4988  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
14:58:46.0107 4988  WinRM - ok
14:58:46.0154 4988  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
14:58:46.0216 4988  Wlansvc - ok
14:58:46.0310 4988  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:58:46.0403 4988  wlidsvc - ok
14:58:46.0450 4988  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
14:58:46.0497 4988  WmiAcpi - ok
14:58:46.0544 4988  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:58:46.0590 4988  wmiApSrv - ok
14:58:46.0653 4988  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
14:58:46.0762 4988  WMPNetworkSvc - ok
14:58:46.0793 4988  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:58:46.0840 4988  WPDBusEnum - ok
14:58:46.0949 4988  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:58:47.0012 4988  WPFFontCache_v0400 - ok
14:58:47.0043 4988  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
14:58:47.0105 4988  ws2ifsl - ok
14:58:47.0152 4988  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
14:58:47.0199 4988  wscsvc - ok
14:58:47.0199 4988  WSearch - ok
14:58:47.0292 4988  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
14:58:47.0417 4988  wuauserv - ok
14:58:47.0464 4988  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:58:47.0511 4988  WUDFRd - ok
14:58:47.0542 4988  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
14:58:47.0589 4988  wudfsvc - ok
14:58:47.0636 4988  ================ Scan global ===============================
14:58:47.0651 4988  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:58:47.0682 4988  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:58:47.0714 4988  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:58:47.0745 4988  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:58:47.0745 4988  [Global] - ok
14:58:47.0760 4988  ================ Scan MBR ==================================
14:58:47.0760 4988  [ 6A34BB27D697BDD9E543BD56A6679BC9 ] \Device\Harddisk0\DR0
14:58:48.0057 4988  \Device\Harddisk0\DR0 - ok
14:58:48.0057 4988  ================ Scan VBR ==================================
14:58:48.0057 4988  [ 62DD8BEA18810D2D6745E9B9A15952E8 ] \Device\Harddisk0\DR0\Partition1
14:58:48.0057 4988  \Device\Harddisk0\DR0\Partition1 - ok
14:58:48.0072 4988  [ 894B770430D83C5C015B81C7B2162A59 ] \Device\Harddisk0\DR0\Partition2
14:58:48.0072 4988  \Device\Harddisk0\DR0\Partition2 - ok
14:58:48.0088 4988  [ C00DB3C72900936911E2CA4888596DBE ] \Device\Harddisk0\DR0\Partition3
14:58:48.0088 4988  \Device\Harddisk0\DR0\Partition3 - ok
14:58:48.0088 4988  ============================================================
14:58:48.0088 4988  Scan finished
14:58:48.0088 4988  ============================================================
14:58:48.0104 4692  Detected object count: 10
14:58:48.0104 4692  Actual detected object count: 10
15:00:42.0327 4692  DAMDrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0327 4692  DAMDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:42.0342 4692  DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0342 4692  DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:42.0342 4692  FLCDLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0342 4692  FLCDLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:42.0342 4692  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0342 4692  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:42.0342 4692  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0342 4692  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:42.0358 4692  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0358 4692  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:42.0358 4692  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0358 4692  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:42.0358 4692  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0358 4692  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:42.0374 4692  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0374 4692  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:00:42.0374 4692  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:00:42.0374 4692  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 18.10.2012 14:46
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Seprom 19.10.2012 12:20
Hab jetzt gerade dem unten stehenden Log entnommen, dass Windows Defender aktiv ist. Das war mir unbekannt und deshalb hab ich den nicht deaktiviert. Soll ich das ganze nochmal mit deaktiviertem Defender machen?


Code:
ComboFix 12-10-18.03 - Roman 19.10.2012  12:30:27.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.2039.900 [GMT 2:00]
ausgeführt von:: c:\users\Roman\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Roman\AppData\Local\Vensim
c:\users\Roman\AppData\Local\Vensim\venple.err
c:\users\Roman\AppData\Roaming\Local
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\11.ddi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\12.ddi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\13.ddi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\99b5cc565c7330b63f45056bbb3d8cd21290207677.avi.ddr
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\ind_fockers.avi.ddr
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\99b5cc565c7330b63f45056bbb3d8cd21290207677.avi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\a198998cd3b6bf1f10baacafaba1ca0c.avi(2).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\a198998cd3b6bf1f10baacafaba1ca0c.avi.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ba2559d5df99e3053db3ffd2e6eab4d9.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE260030D760921(2).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE260030D760921(3).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE260030D760921(4).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE260030D760921.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE72C7CE96F224F.plong(2).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE72C7CE96F224F.plong.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ind_fockers.avi
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\intro_casinojack_dvd_2010_eng.avi.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e11.avi(2).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e11.avi(3).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e11.avi.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e12.avi(2).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e12.avi(3).ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pt_shark_s01e12.avi.ddp
c:\users\Roman\AppData\Roaming\Local\Temp\DDM\Settings\the.simpsons.s21e01.hdtv.xvid_fqm.avi.ddr
c:\windows\system32\msstdfmt.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
F:\Autorun.inf
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-19 bis 2012-10-19  ))))))))))))))))))))))))))))))
.
.
2012-10-19 10:42 . 2012-10-19 10:42        8646        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-10-19 10:42 . 2012-10-19 10:42        6429        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-10-19 10:42 . 2012-10-19 10:42        63115        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-10-19 10:42 . 2012-10-19 10:42        4599        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-10-19 10:42 . 2012-10-19 10:42        9310        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-10-19 10:42 . 2012-10-19 10:42        8613        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-10-19 10:42 . 2012-10-19 10:42        8288        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-10-19 10:42 . 2012-10-19 10:42        6910        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-10-19 10:42 . 2012-10-19 10:42        6208        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-10-19 10:42 . 2012-10-19 10:42        5927        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-10-19 10:42 . 2012-10-19 10:42        18541        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-10-19 10:42 . 2012-10-19 10:42        1651        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-10-19 10:41 . 2012-10-19 10:41        8782        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-10-19 10:41 . 2012-10-19 10:41        7271        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-10-19 10:41 . 2012-10-19 10:41        51852        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-10-19 10:41 . 2012-10-19 10:41        23327        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-10-19 10:41 . 2012-10-19 10:41        20719        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-10-19 10:40 . 2012-10-19 10:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-19 09:27 . 2012-10-17 00:32        6918632        ------w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C49E0101-D965-4A7F-92A5-9EEABBA3823F}\mpengine.dll
2012-10-16 12:16 . 2012-10-17 11:28        --------        d-----w-        C:\_OTL
2012-10-12 11:29 . 2012-05-05 09:54        137000        ----a-w-        c:\windows\system32\MSMAPI32.OCX
2012-10-12 11:29 . 2012-07-29 11:59        81920        ----a-w-        c:\windows\system32\pdfcmon.dll
2012-10-12 11:29 . 2012-05-05 09:54        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL
2012-10-12 11:29 . 1998-07-06 16:56        125712        ----a-w-        c:\windows\system32\VB6DE.DLL
2012-10-12 11:29 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\system32\MSCMCDE.DLL
2012-10-12 11:29 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\system32\MSCC2DE.DLL
2012-10-12 10:13 . 2012-06-02 00:02        985088        ----a-w-        c:\windows\system32\crypt32.dll
2012-10-12 10:13 . 2012-06-02 00:02        98304        ----a-w-        c:\windows\system32\cryptnet.dll
2012-10-12 10:13 . 2012-06-02 00:02        133120        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-10-12 10:13 . 2012-08-24 15:53        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-10-12 10:13 . 2012-09-13 13:28        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-10-12 10:13 . 2012-08-29 11:27        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-10-12 10:13 . 2012-08-29 11:27        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-09-21 12:19 . 2012-09-21 12:19        --------        d-----w-        c:\users\Roman\AppData\Roaming\elsterformular
2012-09-21 12:17 . 2012-09-21 12:18        --------        d-----w-        c:\programdata\elsterformular
2012-09-21 12:17 . 2012-09-21 12:17        --------        d-----w-        c:\program files\ElsterFormular
2012-09-19 19:33 . 2012-09-19 19:33        --------        d-----w-        c:\users\Default\AppData\Roaming\hpqLog
2012-09-19 19:32 . 2012-09-19 19:33        --------        d-----w-        c:\windows\QLB
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 11:13 . 2012-04-12 13:45        696760        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-10-12 11:13 . 2011-09-14 10:21        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2012-08-30 22:10        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-03 13:10 . 2012-09-03 13:10        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-09-03 13:10 . 2010-05-05 16:09        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2009-05-01 21:02 . 2012-10-13 13:10        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2012-10-13 13:10        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-10-13 13:10 . 2012-10-13 13:10        261600        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Roman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Roman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Roman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
.
c:\users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 08:04        49152        ----a-r-        c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51        919008        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 10:29        136176        ----atw-        c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-24 14:44        154136        ----a-w-        c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-24 14:44        141848        ----a-w-        c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 13:41        222128        ----a-w-        c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 12:26        484904        ----a-w-        c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12        3872080        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-24 14:44        129560        ----a-w-        c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
2007-02-22 14:20        105544        ------w-        c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
2007-02-12 18:12        253000        ------w-        c:\program files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-03 11:23        17417392        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-02-21 13:14        1183744        ----a-w-        c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04        252848        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 09:00        192512        ----a-w-        c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
HPService        REG_MULTI_SZ          HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23        452136        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:13]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-30 20:19]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-30 20:19]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 10:29]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 10:29]
.
2011-11-06 c:\windows\Tasks\User_Feed_Synchronization-{CC3E9DAD-3CAE-4881-A6FF-68E7ACDA3A43}.job
- c:\windows\system32\msfeedssync.exe [2012-09-21 10:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2011-01-06 14:43; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-RemoTerm - c:\program files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove- FS-1300D Printer Library - c:\program files\Kyocera\FS-1100
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\users\Roman\AppData\Roaming\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3964)
c:\users\Roman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\programdata\DatacardService\DCService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\SMINST\scheduler.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-19  12:52:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-19 10:50
.
Vor Suchlauf: 9 Verzeichnis(se), 27.864.752.128 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 27.710.889.984 Bytes frei
.
- - End Of File - - BC39CD497C22CCFE1ECD457F7004B6F6

cosinus 19.10.2012 15:00
ist schon ok so

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Seprom 22.10.2012 19:45
GMER-Log:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-22 20:25:19
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST912081 rev.3.AH
Running: 4jj9fcng.exe; Driver: C:\Users\Roman\AppData\Local\Temp\kgdiapog.sys


---- System - GMER 1.0.15 ----

SSDT            8DDBF39E                                                                                                            ZwCreateSection
SSDT            8DDBF3A8                                                                                                            ZwRequestWaitReplyPort
SSDT            8DDBF3A3                                                                                                            ZwSetContextThread
SSDT            8DDBF3AD                                                                                                            ZwSetSecurityObject
SSDT            8DDBF3B2                                                                                                            ZwSystemDebugControl
SSDT            8DDBF33F                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 215                                                                                      828B28D8 4 Bytes  [9E, F3, DB, 8D]
.text          ntkrnlpa.exe!KeSetEvent + 539                                                                                      828B2BFC 4 Bytes  [A8, F3, DB, 8D]
.text          ntkrnlpa.exe!KeSetEvent + 56D                                                                                      828B2C30 4 Bytes  [A3, F3, DB, 8D]
.text          ntkrnlpa.exe!KeSetEvent + 5D1                                                                                      828B2C94 4 Bytes  [AD, F3, DB, 8D]
.text          ntkrnlpa.exe!KeSetEvent + 619                                                                                      828B2CDC 4 Bytes  [B2, F3, DB, 8D]
.text          ...                                                                                                               

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                              [74AA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [74AEB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [74AABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [74A9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [74AA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                            [74A9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                [74AD73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                    [74AADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [74A9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                            [74A9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [74A971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                      [74B2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                        [74ACC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [74A9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [74A96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                    [74A9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [74AA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4768                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37624b73                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121@0016bc31297e                            0xC6 0x96 0x87 0xE6 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121@080046ca4898                            0x79 0x90 0x93 0x5D ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121@0021d2566fb2                            0x11 0xE6 0xD7 0xD3 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121@00265f7f73c8                            0xB8 0x1D 0xC6 0xB2 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186316121@001e7da8410f                            0x2D 0xF7 0x8E 0x2F ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016411f4768 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37624b73 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121@0016bc31297e                                0xC6 0x96 0x87 0xE6 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121@080046ca4898                                0x79 0x90 0x93 0x5D ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121@0021d2566fb2                                0x11 0xE6 0xD7 0xD3 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121@00265f7f73c8                                0xB8 0x1D 0xC6 0xB2 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002186316121@001e7da8410f                                0x2D 0xF7 0x8E 0x2F ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x6A 0x9C 0xD6 0x61 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xE3 0x0E 0x66 0xD5 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

OSAM-Log:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:35:57 on 22.10.2012

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 16.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job" - "Google Inc." - C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job" - "Google Inc." - C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CinePlayer DVD Decoder Options" - "Sonic Solutions" - c:\Program Files\Roxio\CinePlayer Decoder Pack\cmdvdpak.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"DAMDrv" (DAMDrv) - "Hewlett-Packard Development Company L.P." - C:\Windows\System32\DRIVERS\DAMDrv.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kgdiapog" (kgdiapog) - ? - C:\Users\Roman\AppData\Local\Temp\kgdiapog.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MSOHEVI.DLL
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "SampleView" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{0a4286ea-e355-44fb-8086-af3df7645bd9} "Windows Media Player" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"ST Recovery Launcher" - "soft thinks" - %WINDIR%\SMINST\launcher.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\Windows\system32\KMPJLMN.DLL
"PCL hpf3l082" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l082.dll
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"DCService.exe" (DCService.exe) - ? - C:\ProgramData\DatacardService\DCService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"HP ProtectTools Gerätesperre/Überwachung" (FLCDLOCK) - "Hewlett-Packard Ltd" - C:\Windows\system32\flcdlock.exe
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"DeviceNP" - "Hewlett-Packard Limited" - C:\Windows\system32\DeviceNP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR-Log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-22 20:38:33
-----------------------------
20:38:33.746    OS Version: Windows 6.0.6002 Service Pack 2
20:38:33.746    Number of processors: 2 586 0xF0D
20:38:33.746    ComputerName: 6720S-RV  UserName: Roman
20:38:41.920    Initialze error 0
20:40:43.905    AVAST engine defs: 12102200
20:40:54.013    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:40:54.013    Disk 0 Vendor: ST912081 3.AH Size: 114473MB BusType: 3
20:40:55.121    Disk 0 MBR read successfully
20:40:55.261    Disk 0 MBR scan
20:40:55.308    Disk 0 unknown MBR code
20:40:55.464    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      104738 MB offset 63
20:40:55.620    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        8140 MB offset 214505472
20:40:55.792    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        1589 MB offset 231184384
20:40:56.665    Disk 0 scanning sectors +234438656
20:40:57.336    Disk 0 scanning C:\Windows\system32\drivers
20:40:57.336    Service scanning
20:40:58.600    Modules scanning
20:40:59.754    Disk 0 trace - called modules:
20:40:59.957    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys
20:40:59.973    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86679ac8]
20:40:59.973    3 CLASSPNP.SYS[889a88b3] -> nt!IofCallDriver -> [0x85636768]
20:40:59.973    5 acpi.sys[8068b6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8563b030]
20:41:00.597    AVAST engine scan C:\Windows
20:41:03.061    AVAST engine scan C:\Windows\system32
20:41:07.757    AVAST engine scan C:\Windows\system32\drivers
20:41:10.222    AVAST engine scan C:\Users\Roman
20:41:12.499    AVAST engine scan C:\ProgramData
20:41:12.515    Scan finished successfully
20:42:20.962    Disk 0 MBR has been saved successfully to "C:\Users\Roman\Downloads\MBR.dat"
20:42:20.993    The log file has been saved successfully to "C:\Users\Roman\Downloads\aswMBR.txt"

cosinus 23.10.2012 15:45
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:15 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131