Trojaner-Board - MyStart Incredibar lässt sich nicht entfernen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - MyStart Incredibar lässt sich nicht entfernen (https://www.trojaner-board.de/123457-mystart-incredibar-laesst-entfernen.html)

MyStart Incredibar lässt sich nicht entfernen

Hallo ihr lieben,

hoffe ihr könnt mir helfen.
Seit einigen Tagen taucht MyStart Incredibar auf, wenn ich ein neues Tab in Mozilla Firefox 15.0 öffne.

Folgendes habe ich schon unternommen:
Add-Ons: Alles gelöscht, was damit zu tun hat
Kompletten Computer nach MyStart Incredibar durchsucht und Daten gelöscht
Systemsteuerungen: Alle Programme zu MyStart Incredibar gelöscht

Habe mit der Software: Malewarebytes einen Quick-Scan durchgeführt:

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.09.03.07
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Isabelle :: ISABELLE [Administrator]
 

Schutz: Aktiviert
 

04.09.2012 09:39:14

mbam-log-2012-09-04 (09-39-14).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 220086

Laufzeit: 2 Minute(n), 35 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

So langsam weiß ich nicht mehr was ich denn noch machen kann.
Ich hoffe ihr könnt mir helfen

Vielen Dank schonmal.
Isi1234

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Vielen Dank schonmal für die schnelle Antwort.

So habe nun den Vollscan mit Malewarebytes durchgeführt

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.09.05.01
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Isabelle :: ISABELLE [Administrator]
 

Schutz: Deaktiviert
 

05.09.2012 08:20:00

mbam-log-2012-09-05 (08-20-00).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 349289

Laufzeit: 30 Minute(n), 43 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

und anschließend auch ESET laufen lassen

Code:

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7c3fb6d720191f4d82b993a4fba81158

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-05 07:58:15

# local_time=2012-09-05 09:58:15 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 43778 98458373 0 0

# compatibility_mode=8192 67108863 100 0 264 264 0 0

# scanned=143938

# found=0

# cleaned=0

# scan_time=3393

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Oke, AdwCleaner Suche ausgeführt:

Code:

# AdwCleaner v2.000 - Datei am 09/05/2012 um 16:18:04 erstellt

# Aktualisiert am 30/08/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Isabelle - ISABELLE

# Normaler Modus : Normal

# Ausgeführt unter : C:\Users\Isabelle\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v8.0.7601.17514
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v15.0 (de)
 

Profilname : default 

Datei : C:\Users\Isabelle\AppData\Roaming\Mozilla\Firefox\Profiles\kbx3rbvp.default\prefs.js
 

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQIjk7ZZx&loc=FF_NT");

Gefunden : user_pref("browser.startup.homepage", "hxxps://accounts.google.com/ServiceLogin?service=mail&passive[...]
 

Profilname : default 

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k2hlluo9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [12666 octets] - [03/09/2012 22:19:39]

AdwCleaner[R2].txt - [12727 octets] - [03/09/2012 22:24:01]

AdwCleaner[S1].txt - [12817 octets] - [03/09/2012 23:58:01]

AdwCleaner[R3].txt - [1292 octets] - [05/09/2012 16:18:04]
 

########## EOF - C:\AdwCleaner[R3].txt - [1352 octets] ##########

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

adwCleaner Löschen durchgeführt:

MyStart Incredibar ist leider immernoch da.

Code:

# AdwCleaner v2.000 - Datei am 09/05/2012 um 16:45:28 erstellt

# Aktualisiert am 30/08/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Isabelle - ISABELLE

# Normaler Modus : Normal

# Ausgeführt unter : C:\Users\Isabelle\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v8.0.7601.17514
 
 

-\\ Mozilla Firefox v15.0 (de)
 

Profilname : default 

Datei : C:\Users\Isabelle\AppData\Roaming\Mozilla\Firefox\Profiles\kbx3rbvp.default\prefs.js
 

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQIjk7ZZx&loc=FF_NT");

Gelöscht : user_pref("browser.startup.homepage", "hxxps://accounts.google.com/ServiceLogin?service=mail&passive[...]
 

Profilname : default 

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k2hlluo9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [12666 octets] - [03/09/2012 22:19:39]

AdwCleaner[R2].txt - [12727 octets] - [03/09/2012 22:24:01]

AdwCleaner[S1].txt - [12817 octets] - [03/09/2012 23:58:01]

AdwCleaner[R3].txt - [1421 octets] - [05/09/2012 16:18:04]

AdwCleaner[S2].txt - [1308 octets] - [05/09/2012 16:45:28]
 

########## EOF - C:\AdwCleaner[S2].txt - [1368 octets] ##########

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Wie vorgegeben ausgeführt:

Code:

OTL logfile created on: 9/5/2012 5:35:21 PM - Run 4

OTL by OldTimer - Version 3.2.61.0     Folder = C:\Users\Isabelle\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

5.98 Gb Total Physical Memory | 4.50 Gb Available Physical Memory | 75.33% Memory free

11.96 Gb Paging File | 10.42 Gb Available in Paging File | 87.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 237.00 Gb Total Space | 185.47 Gb Free Space | 78.26% Space Free | Partition Type: NTFS

Drive D: | 437.74 Gb Total Space | 342.03 Gb Free Space | 78.14% Space Free | Partition Type: NTFS

Drive E: | 4.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: ISABELLE | User Name: Isabelle | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Isabelle\Desktop\OTL(1).exe (OldTimer Tools)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)

PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)

PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)

PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics)

PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll ()

MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()

MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)

SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)

DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)

DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)

DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)

DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)

DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.sys (Samsung Electronics)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)

DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)

DRV:64bit: - (PVUSB) -- C:\Windows\SysNative\drivers\CESG64.sys (CASIO COMPUTER CO.,LTD.)

DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: {1de0de3c-0b5c-4f67-90c6-689623894991}:0.3

FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3

FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466

FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2

FF - prefs.js..extensions.enabledAddons: {2f149710-41a6-11e0-9207-0800200c9a66}:2.9.6

FF - prefs.js..network.proxy.backup.ftp: "218.247.129.7"

FF - prefs.js..network.proxy.backup.ftp_port: 80

FF - prefs.js..network.proxy.backup.socks: "218.247.129.7"

FF - prefs.js..network.proxy.backup.socks_port: 80

FF - prefs.js..network.proxy.backup.ssl: "218.247.129.7"

FF - prefs.js..network.proxy.backup.ssl_port: 80

FF - prefs.js..network.proxy.ftp: "124.160.133.204"

FF - prefs.js..network.proxy.ftp_port: 80

FF - prefs.js..network.proxy.http: "124.160.133.204"

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "124.160.133.204"

FF - prefs.js..network.proxy.socks_port: 80

FF - prefs.js..network.proxy.ssl: "124.160.133.204"

FF - prefs.js..network.proxy.ssl_port: 80

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found

FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll File not found

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/25 17:46:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/01 19:09:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/19 13:38:12 | 000,000,000 | ---D | M]

 

[2012/06/30 12:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Extensions

[2012/04/15 09:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2012/09/03 08:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions

[2012/08/31 08:42:37 | 000,000,000 | ---D | M] (FT PureWhite) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions\{2f149710-41a6-11e0-9207-0800200c9a66}

[2012/09/01 10:32:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012/05/17 15:28:26 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions\ich@maltegoetz.de

[2012/08/31 08:45:24 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions\info@djzig.com

[2012/08/31 08:45:29 | 000,000,000 | ---D | M] (LavaFox V2-Purple) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions\zigboom555@aol.com

[2012/01/12 19:54:44 | 000,005,739 | ---- | M] () (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\firefox\profiles\kbx3rbvp.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}.xpi

[2012/08/29 19:28:10 | 000,527,328 | ---- | M] () (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\firefox\profiles\kbx3rbvp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2012/07/25 12:21:09 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\firefox\profiles\kbx3rbvp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/07/21 20:43:33 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\firefox\profiles\kbx3rbvp.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

[2012/09/01 19:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/08/25 17:46:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/08/25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012/08/25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/08/25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012/08/25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012/08/25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012/08/25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found

O4 - Startup: C:\Users\Isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\Isabelle\AppData\Roaming\FlashGetBHO\GetUrl.htm ()

O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Isabelle\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: 使用快车3下载 - C:\Users\Isabelle\AppData\Roaming\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Isabelle\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()

O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71DEE413-63EB-4D97-B36C-806F379CE74F}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86C72A8A-BA44-413D-8B4C-3C52CAAF88C6}: DhcpNameServer = 192.168.2.1 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/04/05 11:08:13 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{6e0aebcd-b8d1-11e0-9be6-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{6e0aebcd-b8d1-11e0-9be6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\menue.exe -- [2006/02/03 15:03:32 | 000,872,132 | R--- | M] (3rd Eye Solutions                                                                                                                                                                                                        )

O33 - MountPoints2\{a4ce0959-3d3b-11e1-a36f-e81132c3ad0b}\Shell - "" = AutoRun

O33 - MountPoints2\{a4ce0959-3d3b-11e1-a36f-e81132c3ad0b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: vidc.i420 -  File not found

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - lvcodec2.dll File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/09/05 17:34:12 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Isabelle\Desktop\OTL(1).exe

[2012/09/05 09:00:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Isabelle\Desktop\esetsmartinstaller_enu.exe

[2012/09/05 08:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/09/05 08:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/09/05 08:18:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/09/05 08:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/09/04 09:12:59 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Isabelle\Desktop\OTL.exe

[2012/09/03 22:53:09 | 000,000,000 | ---D | C] -- C:\Users\Isabelle\Documents\Youcam

[2012/09/01 19:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/09/01 18:24:10 | 000,000,000 | ---D | C] -- C:\Users\Isabelle\AppData\Roaming\Malwarebytes

[2012/09/01 18:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/09/01 11:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileMenuTools

[2012/09/01 10:32:21 | 000,000,000 | ---D | C] -- C:\Users\Isabelle\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/09/01 10:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2012/09/01 10:32:19 | 000,405,152 | ---- | C] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll

[2012/09/01 10:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2012/09/01 10:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free YouTube to MP3 Converter

[2012/08/27 16:43:51 | 000,000,000 | -H-D | C] -- C:\Users\Isabelle\Desktop\.picasaoriginals

[2012/08/26 13:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lib

[2012/08/26 13:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bin

[2012/08/26 13:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/08/19 20:08:33 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\windows\SysNative\drivers\ssadmdm.sys

[2012/08/19 20:08:33 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\windows\SysNative\drivers\ssadbus.sys

[2012/08/19 20:08:33 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\windows\SysNative\drivers\ssadmdfl.sys

[2012/08/19 20:08:33 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\windows\SysNative\drivers\ssadwhnt.sys

[2012/08/19 20:08:33 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\windows\SysNative\drivers\ssadcmnt.sys

[2012/08/19 20:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Drivers

[2012/08/19 20:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kies

[2012/08/19 20:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode

[2012/08/19 20:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode

[2012/08/19 13:38:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/08/13 14:57:26 | 000,000,000 | ---D | C] -- C:\Users\Isabelle\AppData\Local\fotokasten comfort

[2012/08/13 14:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotokasten comfort

[2012/08/13 14:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\fotokasten comfort

[2012/08/13 14:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotokasten comfort

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/09/05 17:34:21 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Isabelle\Desktop\OTL(1).exe

[2012/09/05 16:54:10 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/05 16:54:10 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/05 16:46:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/09/05 16:46:30 | 2126,036,991 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/05 16:17:39 | 000,511,265 | ---- | M] () -- C:\Users\Isabelle\Desktop\adwcleaner.exe

[2012/09/05 09:00:04 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Isabelle\Desktop\esetsmartinstaller_enu.exe

[2012/09/05 08:18:43 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/04 10:41:46 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/09/04 10:41:46 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012/09/04 10:41:46 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/09/04 10:41:46 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012/09/04 10:41:46 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/09/04 09:13:00 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Isabelle\Desktop\OTL.exe

[2012/09/01 20:39:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/09/01 19:09:08 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/09/01 15:19:23 | 000,000,136 | ---- | M] () -- C:\Users\Isabelle\Desktop\Spider Solitär.lnk

[2012/09/01 15:19:20 | 000,000,136 | ---- | M] () -- C:\Users\Isabelle\Desktop\Mahjong Titans.lnk

[2012/09/01 15:19:18 | 000,000,136 | ---- | M] () -- C:\Users\Isabelle\Desktop\Hearts.lnk

[2012/09/01 15:19:16 | 000,000,136 | ---- | M] () -- C:\Users\Isabelle\Desktop\FreeCell.lnk

[2012/09/01 13:06:34 | 000,001,082 | ---- | M] () -- C:\Users\Isabelle\Desktop\regedit.lnk

[2012/08/31 15:11:42 | 000,017,611 | ---- | M] () -- C:\Users\Isabelle\Desktop\microsim-schablone.pdf

[2012/08/26 13:31:00 | 000,000,450 | ---- | M] () -- C:\Program Files (x86)\release

[2012/08/26 13:30:59 | 000,003,409 | ---- | M] () -- C:\Program Files (x86)\COPYRIGHT

[2012/08/26 13:30:59 | 000,000,983 | ---- | M] () -- C:\Program Files (x86)\Welcome.html

[2012/08/26 13:30:59 | 000,000,041 | ---- | M] () -- C:\Program Files (x86)\LICENSE

[2012/08/25 17:46:40 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2012/08/24 15:58:36 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll

[2012/08/21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys

[2012/08/21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys

[2012/08/21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys

[2012/08/21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2012/08/21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys

[2012/08/21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys

[2012/08/21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr

[2012/08/21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe

[2012/08/21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2012/08/16 07:29:42 | 000,320,504 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

 
 ========== Files Created - No Company Name ==========

 

[2012/09/05 16:17:25 | 000,511,265 | ---- | C] () -- C:\Users\Isabelle\Desktop\adwcleaner.exe

[2012/09/05 08:18:43 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/01 19:15:25 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/09/01 19:09:08 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/09/01 19:09:08 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/09/01 15:19:23 | 000,000,136 | ---- | C] () -- C:\Users\Isabelle\Desktop\Spider Solitär.lnk

[2012/09/01 15:19:20 | 000,000,136 | ---- | C] () -- C:\Users\Isabelle\Desktop\Mahjong Titans.lnk

[2012/09/01 15:19:18 | 000,000,136 | ---- | C] () -- C:\Users\Isabelle\Desktop\Hearts.lnk

[2012/09/01 15:19:16 | 000,000,136 | ---- | C] () -- C:\Users\Isabelle\Desktop\FreeCell.lnk

[2012/09/01 13:06:25 | 000,001,082 | ---- | C] () -- C:\Users\Isabelle\Desktop\regedit.lnk

[2012/08/31 15:11:42 | 000,017,611 | ---- | C] () -- C:\Users\Isabelle\Desktop\microsim-schablone.pdf

[2012/08/26 13:31:00 | 000,000,450 | ---- | C] () -- C:\Program Files (x86)\release

[2012/08/26 13:30:59 | 000,003,409 | ---- | C] () -- C:\Program Files (x86)\COPYRIGHT

[2012/08/26 13:30:59 | 000,000,983 | ---- | C] () -- C:\Program Files (x86)\Welcome.html

[2012/08/26 13:30:59 | 000,000,041 | ---- | C] () -- C:\Program Files (x86)\LICENSE

[2012/05/13 12:25:24 | 000,456,192 | ---- | C] () -- C:\windows\SetACL.exe

[2012/05/13 11:48:57 | 000,000,694 | ---- | C] () -- C:\Users\Isabelle\Isabelle - Verknüpfung.lnk

[2012/02/16 21:08:20 | 000,005,120 | ---- | C] () -- C:\Users\Isabelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/13 16:49:00 | 000,000,173 | ---- | C] () -- C:\Users\Isabelle\AppData\Local\msmathematics.qat.Isabelle

[2012/01/22 01:32:20 | 000,000,025 | ---- | C] () -- C:\windows\libem.INI

[2012/01/12 19:35:43 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll

[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll

[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll

[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll

[2011/07/28 20:44:58 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe

[2011/07/28 06:55:27 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

[2011/07/28 06:07:29 | 000,000,918 | ---- | C] () -- C:\windows\HotFixList.ini

[2011/07/28 05:54:15 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe

 
 ========== LOP Check ==========

 

[2012/09/01 12:40:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox

[2012/06/06 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ASCON Installer

[2012/06/06 15:23:27 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ASCON Programme

[2012/04/28 17:18:14 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Ashampoo

[2012/07/21 09:39:21 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Audacity

[2012/01/22 01:32:20 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\BITS

[2012/09/05 16:47:59 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Dropbox

[2012/09/01 10:32:24 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\DVDVideoSoft

[2012/09/01 10:33:38 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/01/27 19:10:04 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FlashGet

[2012/01/22 01:31:31 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FlashGetBHO

[2012/06/30 12:45:47 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FreeScreenToVideo

[2012/09/01 15:52:09 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ICQ

[2012/03/23 07:17:04 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\MySQL

[2012/07/07 14:58:12 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\phonostar GmbH

[2012/08/19 20:06:00 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Samsung

[2012/02/23 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Similarity

[2012/01/13 19:59:10 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\SoftGrid Client

[2012/01/15 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\T-Online

[2012/06/03 14:46:12 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Temp

[2012/04/15 09:59:54 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\TomTom

[2012/01/12 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\TP

[2012/06/30 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Western Digital

[2012/01/12 21:54:44 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\XMedia Recode

[2012/08/02 12:11:04 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012/01/12 20:34:05 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Adobe

[2012/04/28 15:57:37 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Ahead

[2012/06/06 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ASCON Installer

[2012/06/06 15:23:27 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ASCON Programme

[2012/04/28 17:18:14 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Ashampoo

[2012/07/21 09:39:21 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Audacity

[2012/01/22 01:32:20 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\BITS

[2012/01/13 20:01:37 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\CyberLink

[2012/09/05 16:47:59 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Dropbox

[2012/09/01 10:32:24 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\DVDVideoSoft

[2012/09/01 10:33:38 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/01/27 19:10:04 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FlashGet

[2012/01/22 01:31:31 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FlashGetBHO

[2012/06/30 12:45:47 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FreeScreenToVideo

[2012/09/01 15:52:09 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ICQ

[2012/01/12 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Identities

[2012/01/13 07:38:45 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\InstallShield

[2012/01/12 19:30:41 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Macromedia

[2012/09/01 18:24:10 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Malwarebytes

[2011/07/28 20:56:59 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Media Center Programs

[2012/09/01 10:34:21 | 000,000,000 | --SD | M] -- C:\Users\Isabelle\AppData\Roaming\Microsoft

[2012/01/12 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Mozilla

[2012/03/23 07:17:04 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\MySQL

[2012/07/07 14:58:12 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\phonostar GmbH

[2012/08/19 20:06:00 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Samsung

[2012/02/23 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Similarity

[2012/09/04 09:41:34 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Skype

[2012/01/13 19:59:10 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\SoftGrid Client

[2012/01/15 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\T-Online

[2012/06/03 14:46:12 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Temp

[2012/04/15 09:59:54 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\TomTom

[2012/01/12 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\TP

[2012/03/18 21:00:46 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\vlc

[2012/06/30 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Western Digital

[2012/01/12 21:54:44 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\XMedia Recode

 
 < %APPDATA%\*.exe /s >

[2005/04/06 18:00:56 | 000,057,344 | ---- | M] (ASCON) -- C:\Users\Isabelle\AppData\Roaming\ASCON Installer\ASUNINST.EXE

[2012/07/25 04:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012/07/25 04:08:14 | 000,874,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012/07/25 04:08:20 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\Uninstall.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011/02/18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\drivers\iaStor.sys

[2011/02/18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_52b32c0ad3e84c62\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll

[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll

[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll

[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe

[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe

[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009/07/14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\FirewallAPI.dll
 

< End of report >

Hm, da ist immer noch Toolbar-Müll drin
Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

hier nochmal adwCleaner:

Code:

# AdwCleaner v2.000 - Datei am 09/06/2012 um 12:48:53 erstellt

# Aktualisiert am 30/08/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Isabelle - ISABELLE

# Normaler Modus : Normal

# Ausgeführt unter : C:\Users\Isabelle\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v15.0 (de)
 

Profilname : default 

Datei : C:\Users\Isabelle\AppData\Roaming\Mozilla\Firefox\Profiles\kbx3rbvp.default\prefs.js
 

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQIjk7ZZx&loc=FF_NT");
 

Profilname : default 

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k2hlluo9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [12666 octets] - [03/09/2012 22:19:39]

AdwCleaner[R2].txt - [12727 octets] - [03/09/2012 22:24:01]

AdwCleaner[S1].txt - [12817 octets] - [03/09/2012 23:58:01]

AdwCleaner[R3].txt - [1421 octets] - [05/09/2012 16:18:04]

AdwCleaner[S2].txt - [1437 octets] - [05/09/2012 16:45:28]

AdwCleaner[R4].txt - [1294 octets] - [06/09/2012 12:48:53]
 

########## EOF - C:\AdwCleaner[R4].txt - [1354 octets] ##########

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

MyStart Incredibar ist leider immernoch da. =(

Code:

# AdwCleaner v2.000 - Datei am 09/06/2012 um 16:22:56 erstellt

# Aktualisiert am 30/08/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Isabelle - ISABELLE

# Normaler Modus : Normal

# Ausgeführt unter : C:\Users\Isabelle\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 
 

-\\ Mozilla Firefox v15.0 (de)
 

Profilname : default 

Datei : C:\Users\Isabelle\AppData\Roaming\Mozilla\Firefox\Profiles\kbx3rbvp.default\prefs.js
 

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQIjk7ZZx&loc=FF_NT");
 

Profilname : default 

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k2hlluo9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [12666 octets] - [03/09/2012 22:19:39]

AdwCleaner[R2].txt - [12727 octets] - [03/09/2012 22:24:01]

AdwCleaner[S1].txt - [12817 octets] - [03/09/2012 23:58:01]

AdwCleaner[R3].txt - [1421 octets] - [05/09/2012 16:18:04]

AdwCleaner[S2].txt - [1437 octets] - [05/09/2012 16:45:28]

AdwCleaner[R4].txt - [1423 octets] - [06/09/2012 12:48:53]

AdwCleaner[S3].txt - [1310 octets] - [06/09/2012 16:22:56]
 

########## EOF - C:\AdwCleaner[S3].txt - [1370 octets] ##########

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Code:

OTL logfile created on: 9/6/2012 5:03:52 PM - Run 5

OTL by OldTimer - Version 3.2.61.0     Folder = C:\Users\Isabelle\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

5.98 Gb Total Physical Memory | 4.59 Gb Available Physical Memory | 76.69% Memory free

11.96 Gb Paging File | 10.49 Gb Available in Paging File | 87.70% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 237.00 Gb Total Space | 186.33 Gb Free Space | 78.62% Space Free | Partition Type: NTFS

Drive D: | 437.74 Gb Total Space | 341.80 Gb Free Space | 78.08% Space Free | Partition Type: NTFS

Drive E: | 4.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: ISABELLE | User Name: Isabelle | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Isabelle\Desktop\OTL(2).exe (OldTimer Tools)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)

PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)

PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)

PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics)

PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll ()

MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()

MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)

SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)

DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)

DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)

DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)

DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)

DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.sys (Samsung Electronics)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)

DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)

DRV:64bit: - (PVUSB) -- C:\Windows\SysNative\drivers\CESG64.sys (CASIO COMPUTER CO.,LTD.)

DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: {1de0de3c-0b5c-4f67-90c6-689623894991}:0.3

FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3

FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466

FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2

FF - prefs.js..extensions.enabledAddons: {2f149710-41a6-11e0-9207-0800200c9a66}:2.9.6

FF - prefs.js..network.proxy.backup.ftp: "218.247.129.7"

FF - prefs.js..network.proxy.backup.ftp_port: 80

FF - prefs.js..network.proxy.backup.socks: "218.247.129.7"

FF - prefs.js..network.proxy.backup.socks_port: 80

FF - prefs.js..network.proxy.backup.ssl: "218.247.129.7"

FF - prefs.js..network.proxy.backup.ssl_port: 80

FF - prefs.js..network.proxy.ftp: "124.160.133.204"

FF - prefs.js..network.proxy.ftp_port: 80

FF - prefs.js..network.proxy.http: "124.160.133.204"

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "124.160.133.204"

FF - prefs.js..network.proxy.socks_port: 80

FF - prefs.js..network.proxy.ssl: "124.160.133.204"

FF - prefs.js..network.proxy.ssl_port: 80

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found

FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll File not found

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/25 17:46:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/01 19:09:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/19 13:38:12 | 000,000,000 | ---D | M]

 

[2012/06/30 12:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Extensions

[2012/04/15 09:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2012/09/06 08:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions

[2012/08/31 08:42:37 | 000,000,000 | ---D | M] (FT PureWhite) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions\{2f149710-41a6-11e0-9207-0800200c9a66}

[2012/09/01 10:32:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012/05/17 15:28:26 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions\ich@maltegoetz.de

[2012/08/31 08:45:24 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions\info@djzig.com

[2012/08/31 08:45:29 | 000,000,000 | ---D | M] (LavaFox V2-Purple) -- C:\Users\Isabelle\AppData\Roaming\mozilla\Firefox\Profiles\kbx3rbvp.default\extensions\zigboom555@aol.com

[2012/01/12 19:54:44 | 000,005,739 | ---- | M] () (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\firefox\profiles\kbx3rbvp.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}.xpi

[2012/09/06 08:48:32 | 000,527,931 | ---- | M] () (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\firefox\profiles\kbx3rbvp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2012/07/25 12:21:09 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\firefox\profiles\kbx3rbvp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/07/21 20:43:33 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Isabelle\AppData\Roaming\mozilla\firefox\profiles\kbx3rbvp.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

[2012/09/01 19:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/08/25 17:46:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/08/25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012/08/25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/08/25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012/08/25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012/08/25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012/08/25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found

O4 - Startup: C:\Users\Isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\Isabelle\AppData\Roaming\FlashGetBHO\GetUrl.htm ()

O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Isabelle\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: 使用快车3下载 - C:\Users\Isabelle\AppData\Roaming\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Isabelle\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()

O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71DEE413-63EB-4D97-B36C-806F379CE74F}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86C72A8A-BA44-413D-8B4C-3C52CAAF88C6}: DhcpNameServer = 192.168.2.1 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/04/05 11:08:13 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{6e0aebcd-b8d1-11e0-9be6-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{6e0aebcd-b8d1-11e0-9be6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\menue.exe -- [2006/02/03 15:03:32 | 000,872,132 | R--- | M] (3rd Eye Solutions                                                                                                                                                                                                        )

O33 - MountPoints2\{a4ce0959-3d3b-11e1-a36f-e81132c3ad0b}\Shell - "" = AutoRun

O33 - MountPoints2\{a4ce0959-3d3b-11e1-a36f-e81132c3ad0b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: vidc.i420 -  File not found

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - lvcodec2.dll File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/09/06 17:02:36 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Isabelle\Desktop\OTL(2).exe

[2012/09/05 22:24:20 | 000,000,000 | ---D | C] -- C:\Users\Isabelle\Desktop\Blood Moon

[2012/09/05 09:00:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Isabelle\Desktop\esetsmartinstaller_enu.exe

[2012/09/05 08:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/09/05 08:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/09/05 08:18:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/09/05 08:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/09/03 22:53:09 | 000,000,000 | ---D | C] -- C:\Users\Isabelle\Documents\Youcam

[2012/09/01 19:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/09/01 18:24:10 | 000,000,000 | ---D | C] -- C:\Users\Isabelle\AppData\Roaming\Malwarebytes

[2012/09/01 18:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/09/01 11:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileMenuTools

[2012/09/01 10:32:21 | 000,000,000 | ---D | C] -- C:\Users\Isabelle\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/09/01 10:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2012/09/01 10:32:19 | 000,405,152 | ---- | C] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll

[2012/09/01 10:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2012/09/01 10:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free YouTube to MP3 Converter

[2012/08/27 16:43:51 | 000,000,000 | -H-D | C] -- C:\Users\Isabelle\Desktop\.picasaoriginals

[2012/08/26 13:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lib

[2012/08/26 13:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bin

[2012/08/26 13:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/08/19 20:08:33 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\windows\SysNative\drivers\ssadmdm.sys

[2012/08/19 20:08:33 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\windows\SysNative\drivers\ssadbus.sys

[2012/08/19 20:08:33 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\windows\SysNative\drivers\ssadmdfl.sys

[2012/08/19 20:08:33 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\windows\SysNative\drivers\ssadwhnt.sys

[2012/08/19 20:08:33 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\windows\SysNative\drivers\ssadcmnt.sys

[2012/08/19 20:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Drivers

[2012/08/19 20:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kies

[2012/08/19 20:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode

[2012/08/19 20:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode

[2012/08/19 13:38:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/08/13 14:57:26 | 000,000,000 | ---D | C] -- C:\Users\Isabelle\AppData\Local\fotokasten comfort

[2012/08/13 14:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotokasten comfort

[2012/08/13 14:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\fotokasten comfort

[2012/08/13 14:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotokasten comfort

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/09/06 17:02:37 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Isabelle\Desktop\OTL(2).exe

[2012/09/06 16:31:19 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/06 16:31:19 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/06 16:23:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/09/06 16:23:36 | 2126,036,991 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/06 12:48:17 | 000,511,265 | ---- | M] () -- C:\Users\Isabelle\Desktop\adwcleaner.exe

[2012/09/05 21:50:53 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf

[2012/09/05 21:50:52 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf

[2012/09/05 09:00:04 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Isabelle\Desktop\esetsmartinstaller_enu.exe

[2012/09/05 08:18:43 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/04 10:41:46 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/09/04 10:41:46 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012/09/04 10:41:46 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/09/04 10:41:46 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012/09/04 10:41:46 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/09/01 20:39:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/09/01 19:09:08 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/09/01 15:19:23 | 000,000,136 | ---- | M] () -- C:\Users\Isabelle\Desktop\Spider Solitär.lnk

[2012/09/01 15:19:20 | 000,000,136 | ---- | M] () -- C:\Users\Isabelle\Desktop\Mahjong Titans.lnk

[2012/09/01 15:19:18 | 000,000,136 | ---- | M] () -- C:\Users\Isabelle\Desktop\Hearts.lnk

[2012/09/01 15:19:16 | 000,000,136 | ---- | M] () -- C:\Users\Isabelle\Desktop\FreeCell.lnk

[2012/09/01 13:06:34 | 000,001,082 | ---- | M] () -- C:\Users\Isabelle\Desktop\regedit.lnk

[2012/08/31 15:11:42 | 000,017,611 | ---- | M] () -- C:\Users\Isabelle\Desktop\microsim-schablone.pdf

[2012/08/26 13:31:00 | 000,000,450 | ---- | M] () -- C:\Program Files (x86)\release

[2012/08/26 13:30:59 | 000,003,409 | ---- | M] () -- C:\Program Files (x86)\COPYRIGHT

[2012/08/26 13:30:59 | 000,000,983 | ---- | M] () -- C:\Program Files (x86)\Welcome.html

[2012/08/26 13:30:59 | 000,000,041 | ---- | M] () -- C:\Program Files (x86)\LICENSE

[2012/08/25 17:46:40 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2012/08/24 15:58:36 | 000,405,152 | ---- | M] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll

[2012/08/21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys

[2012/08/21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys

[2012/08/21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys

[2012/08/21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2012/08/21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys

[2012/08/21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys

[2012/08/21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr

[2012/08/21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe

[2012/08/21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2012/08/16 07:29:42 | 000,320,504 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

 
 ========== Files Created - No Company Name ==========

 

[2012/09/05 21:50:53 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf

[2012/09/05 21:50:52 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf

[2012/09/05 16:17:25 | 000,511,265 | ---- | C] () -- C:\Users\Isabelle\Desktop\adwcleaner.exe

[2012/09/05 08:18:43 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/01 19:15:25 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/09/01 19:09:08 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/09/01 19:09:08 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/09/01 15:19:23 | 000,000,136 | ---- | C] () -- C:\Users\Isabelle\Desktop\Spider Solitär.lnk

[2012/09/01 15:19:20 | 000,000,136 | ---- | C] () -- C:\Users\Isabelle\Desktop\Mahjong Titans.lnk

[2012/09/01 15:19:18 | 000,000,136 | ---- | C] () -- C:\Users\Isabelle\Desktop\Hearts.lnk

[2012/09/01 15:19:16 | 000,000,136 | ---- | C] () -- C:\Users\Isabelle\Desktop\FreeCell.lnk

[2012/09/01 13:06:25 | 000,001,082 | ---- | C] () -- C:\Users\Isabelle\Desktop\regedit.lnk

[2012/08/31 15:11:42 | 000,017,611 | ---- | C] () -- C:\Users\Isabelle\Desktop\microsim-schablone.pdf

[2012/08/26 13:31:00 | 000,000,450 | ---- | C] () -- C:\Program Files (x86)\release

[2012/08/26 13:30:59 | 000,003,409 | ---- | C] () -- C:\Program Files (x86)\COPYRIGHT

[2012/08/26 13:30:59 | 000,000,983 | ---- | C] () -- C:\Program Files (x86)\Welcome.html

[2012/08/26 13:30:59 | 000,000,041 | ---- | C] () -- C:\Program Files (x86)\LICENSE

[2012/05/13 12:25:24 | 000,456,192 | ---- | C] () -- C:\windows\SetACL.exe

[2012/05/13 11:48:57 | 000,000,694 | ---- | C] () -- C:\Users\Isabelle\Isabelle - Verknüpfung.lnk

[2012/02/16 21:08:20 | 000,005,120 | ---- | C] () -- C:\Users\Isabelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/13 16:49:00 | 000,000,173 | ---- | C] () -- C:\Users\Isabelle\AppData\Local\msmathematics.qat.Isabelle

[2012/01/22 01:32:20 | 000,000,025 | ---- | C] () -- C:\windows\libem.INI

[2012/01/12 19:35:43 | 001,500,444 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll

[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll

[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll

[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll

[2011/07/28 20:44:58 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe

[2011/07/28 06:55:27 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

[2011/07/28 06:07:29 | 000,000,918 | ---- | C] () -- C:\windows\HotFixList.ini

[2011/07/28 05:54:15 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe

 
 ========== LOP Check ==========

 

[2012/09/01 12:40:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox

[2012/06/06 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ASCON Installer

[2012/06/06 15:23:27 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ASCON Programme

[2012/04/28 17:18:14 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Ashampoo

[2012/07/21 09:39:21 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Audacity

[2012/01/22 01:32:20 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\BITS

[2012/09/06 16:24:42 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Dropbox

[2012/09/01 10:32:24 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\DVDVideoSoft

[2012/09/01 10:33:38 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/01/27 19:10:04 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FlashGet

[2012/01/22 01:31:31 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FlashGetBHO

[2012/06/30 12:45:47 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FreeScreenToVideo

[2012/09/01 15:52:09 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ICQ

[2012/03/23 07:17:04 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\MySQL

[2012/07/07 14:58:12 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\phonostar GmbH

[2012/08/19 20:06:00 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Samsung

[2012/02/23 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Similarity

[2012/01/13 19:59:10 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\SoftGrid Client

[2012/01/15 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\T-Online

[2012/06/03 14:46:12 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Temp

[2012/04/15 09:59:54 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\TomTom

[2012/01/12 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\TP

[2012/06/30 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Western Digital

[2012/01/12 21:54:44 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\XMedia Recode

[2012/08/02 12:11:04 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012/01/12 20:34:05 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Adobe

[2012/04/28 15:57:37 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Ahead

[2012/06/06 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ASCON Installer

[2012/06/06 15:23:27 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ASCON Programme

[2012/04/28 17:18:14 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Ashampoo

[2012/07/21 09:39:21 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Audacity

[2012/01/22 01:32:20 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\BITS

[2012/01/13 20:01:37 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\CyberLink

[2012/09/06 16:24:42 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Dropbox

[2012/09/01 10:32:24 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\DVDVideoSoft

[2012/09/01 10:33:38 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/01/27 19:10:04 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FlashGet

[2012/01/22 01:31:31 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FlashGetBHO

[2012/06/30 12:45:47 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\FreeScreenToVideo

[2012/09/01 15:52:09 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\ICQ

[2012/01/12 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Identities

[2012/01/13 07:38:45 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\InstallShield

[2012/01/12 19:30:41 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Macromedia

[2012/09/01 18:24:10 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Malwarebytes

[2011/07/28 20:56:59 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Media Center Programs

[2012/09/01 10:34:21 | 000,000,000 | --SD | M] -- C:\Users\Isabelle\AppData\Roaming\Microsoft

[2012/01/12 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Mozilla

[2012/03/23 07:17:04 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\MySQL

[2012/07/07 14:58:12 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\phonostar GmbH

[2012/08/19 20:06:00 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Samsung

[2012/02/23 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Similarity

[2012/09/04 09:41:34 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Skype

[2012/01/13 19:59:10 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\SoftGrid Client

[2012/01/15 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\T-Online

[2012/06/03 14:46:12 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Temp

[2012/04/15 09:59:54 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\TomTom

[2012/01/12 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\TP

[2012/03/18 21:00:46 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\vlc

[2012/06/30 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\Western Digital

[2012/01/12 21:54:44 | 000,000,000 | ---D | M] -- C:\Users\Isabelle\AppData\Roaming\XMedia Recode

 
 < %APPDATA%\*.exe /s >

[2005/04/06 18:00:56 | 000,057,344 | ---- | M] (ASCON) -- C:\Users\Isabelle\AppData\Roaming\ASCON Installer\ASUNINST.EXE

[2012/07/25 04:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012/07/25 04:08:14 | 000,874,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012/07/25 04:08:20 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\Uninstall.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011/02/18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\drivers\iaStor.sys

[2011/02/18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_52b32c0ad3e84c62\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll

[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll

[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll

[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe

[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe

[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009/07/14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\FirewallAPI.dll
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..network.proxy.backup.ftp: "218.247.129.7"

FF - prefs.js..network.proxy.backup.ftp_port: 80

FF - prefs.js..network.proxy.backup.socks: "218.247.129.7"

FF - prefs.js..network.proxy.backup.socks_port: 80

FF - prefs.js..network.proxy.backup.ssl: "218.247.129.7"

FF - prefs.js..network.proxy.backup.ssl_port: 80

FF - prefs.js..network.proxy.ftp: "124.160.133.204"

FF - prefs.js..network.proxy.ftp_port: 80

FF - prefs.js..network.proxy.http: "124.160.133.204"

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "124.160.133.204"

FF - prefs.js..network.proxy.socks_port: 80

FF - prefs.js..network.proxy.ssl: "124.160.133.204"

FF - prefs.js..network.proxy.ssl_port: 80

FF - user.js - File not found

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/04/05 11:08:13 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{6e0aebcd-b8d1-11e0-9be6-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{6e0aebcd-b8d1-11e0-9be6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\menue.exe -- [2006/02/03 15:03:32 | 000,872,132 | R--- | M] (3rd Eye Solutions                                                                                                                                                                                                        )

O33 - MountPoints2\{a4ce0959-3d3b-11e1-a36f-e81132c3ad0b}\Shell - "" = AutoRun

O33 - MountPoints2\{a4ce0959-3d3b-11e1-a36f-e81132c3ad0b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true

:Files

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found.

HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKEY_USERS\S-1-5-21-2027592733-4161651481-1790285415-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2027592733-4161651481-1790285415-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found.

HKU\S-1-5-21-2027592733-4161651481-1790285415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Prefs.js: "218.247.129.7" removed from network.proxy.backup.ftp

Prefs.js: 80 removed from network.proxy.backup.ftp_port

Prefs.js: "218.247.129.7" removed from network.proxy.backup.socks

Prefs.js: 80 removed from network.proxy.backup.socks_port

Prefs.js: "218.247.129.7" removed from network.proxy.backup.ssl

Prefs.js: 80 removed from network.proxy.backup.ssl_port

Prefs.js: "124.160.133.204" removed from network.proxy.ftp

Prefs.js: 80 removed from network.proxy.ftp_port

Prefs.js: "124.160.133.204" removed from network.proxy.http

Prefs.js: 80 removed from network.proxy.http_port

Prefs.js: true removed from network.proxy.share_proxy_settings

Prefs.js: "124.160.133.204" removed from network.proxy.socks

Prefs.js: 80 removed from network.proxy.socks_port

Prefs.js: "124.160.133.204" removed from network.proxy.ssl

Prefs.js: 80 removed from network.proxy.ssl_port

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2027592733-4161651481-1790285415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk moved successfully.

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk moved successfully.

File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File move failed. E:\Autorun.inf scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0aebcd-b8d1-11e0-9be6-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e0aebcd-b8d1-11e0-9be6-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e0aebcd-b8d1-11e0-9be6-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e0aebcd-b8d1-11e0-9be6-806e6f6e6963}\ not found.

File move failed. E:\menue.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4ce0959-3d3b-11e1-a36f-e81132c3ad0b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4ce0959-3d3b-11e1-a36f-e81132c3ad0b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4ce0959-3d3b-11e1-a36f-e81132c3ad0b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4ce0959-3d3b-11e1-a36f-e81132c3ad0b}\ not found.

File "H:\WD SmartWare.exe" autoplay=true not found.

========== FILES ==========
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\Isabelle\Desktop\cmd.bat deleted successfully.

C:\Users\Isabelle\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Isabelle

->Temp folder emptied: 1265457 bytes

->Temporary Internet Files folder emptied: 80831808 bytes

->Java cache emptied: 592638 bytes

->FireFox cache emptied: 996357113 bytes

->Flash cache emptied: 2261 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 600918 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36075953 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1,064.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default

 

User: Default User

 

User: Isabelle

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.61.0 log created on 09072012_113933
 

Files\Folders moved on Reboot...

File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk not found!

File move failed. E:\Autorun.inf scheduled to be moved on reboot.

File move failed. E:\menue.exe scheduled to be moved on reboot.

C:\Users\Isabelle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Code:

21:47:44.0522 3248  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

21:47:44.0632 3248  ============================================================

21:47:44.0632 3248  Current date / time: 2012/09/09 21:47:44.0632

21:47:44.0632 3248  SystemInfo:

21:47:44.0632 3248  

21:47:44.0632 3248  OS Version: 6.1.7601 ServicePack: 1.0

21:47:44.0632 3248  Product type: Workstation

21:47:44.0632 3248  ComputerName: ISABELLE

21:47:44.0632 3248  UserName: Isabelle

21:47:44.0632 3248  Windows directory: C:\windows

21:47:44.0632 3248  System windows directory: C:\windows

21:47:44.0632 3248  Running under WOW64

21:47:44.0632 3248  Processor architecture: Intel x64

21:47:44.0632 3248  Number of processors: 4

21:47:44.0632 3248  Page size: 0x1000

21:47:44.0632 3248  Boot type: Normal boot

21:47:44.0632 3248  ============================================================

21:47:45.0132 3248  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040

21:47:45.0142 3248  ============================================================

21:47:45.0142 3248  \Device\Harddisk0\DR0:

21:47:45.0142 3248  MBR partitions:

21:47:45.0142 3248  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

21:47:45.0142 3248  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DA00000

21:47:45.0162 3248  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1DA33000, BlocksNum 0x36B7B000

21:47:45.0162 3248  ============================================================

21:47:45.0202 3248  C: <-> \Device\Harddisk0\DR0\Partition2

21:47:45.0242 3248  D: <-> \Device\Harddisk0\DR0\Partition3

21:47:45.0242 3248  ============================================================

21:47:45.0242 3248  Initialize success

21:47:45.0242 3248  ============================================================

21:48:28.0236 2800  ============================================================

21:48:28.0236 2800  Scan started

21:48:28.0236 2800  Mode: Manual; SigCheck; TDLFS; 

21:48:28.0236 2800  ============================================================

21:48:28.0610 2800  ================ Scan system memory ========================

21:48:28.0610 2800  System memory - ok

21:48:28.0610 2800  ================ Scan services =============================

21:48:28.0891 2800  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys

21:48:28.0953 2800  1394ohci - ok

21:48:28.0985 2800  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys

21:48:29.0000 2800  ACPI - ok

21:48:29.0016 2800  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys

21:48:29.0063 2800  AcpiPmi - ok

21:48:29.0187 2800  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

21:48:29.0203 2800  AdobeFlashPlayerUpdateSvc - ok

21:48:29.0250 2800  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys

21:48:29.0265 2800  adp94xx - ok

21:48:29.0312 2800  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys

21:48:29.0328 2800  adpahci - ok

21:48:29.0343 2800  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys

21:48:29.0359 2800  adpu320 - ok

21:48:29.0375 2800  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll

21:48:29.0421 2800  AeLookupSvc - ok

21:48:29.0546 2800  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys

21:48:29.0609 2800  AFD - ok

21:48:29.0655 2800  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys

21:48:29.0671 2800  agp440 - ok

21:48:29.0733 2800  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe

21:48:29.0765 2800  ALG - ok

21:48:29.0780 2800  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys

21:48:29.0796 2800  aliide - ok

21:48:29.0811 2800  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys

21:48:29.0827 2800  amdide - ok

21:48:29.0858 2800  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys

21:48:29.0889 2800  AmdK8 - ok

21:48:29.0905 2800  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys

21:48:29.0952 2800  AmdPPM - ok

21:48:29.0999 2800  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys

21:48:29.0999 2800  amdsata - ok

21:48:30.0030 2800  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys

21:48:30.0045 2800  amdsbs - ok

21:48:30.0061 2800  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys

21:48:30.0077 2800  amdxata - ok

21:48:30.0092 2800  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys

21:48:30.0139 2800  AppID - ok

21:48:30.0170 2800  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll

21:48:30.0201 2800  AppIDSvc - ok

21:48:30.0233 2800  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll

21:48:30.0279 2800  Appinfo - ok

21:48:30.0326 2800  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys

21:48:30.0326 2800  arc - ok

21:48:30.0342 2800  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys

21:48:30.0342 2800  arcsas - ok

21:48:30.0373 2800  [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk        C:\windows\system32\drivers\aswFsBlk.sys

21:48:30.0389 2800  aswFsBlk - ok

21:48:30.0420 2800  [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt       C:\windows\system32\drivers\aswMonFlt.sys

21:48:30.0435 2800  aswMonFlt - ok

21:48:30.0482 2800  [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr          C:\windows\System32\Drivers\aswrdr2.sys

21:48:30.0498 2800  aswRdr - ok

21:48:30.0529 2800  [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx          C:\windows\system32\drivers\aswSnx.sys

21:48:30.0560 2800  aswSnx - ok

21:48:30.0607 2800  [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP           C:\windows\system32\drivers\aswSP.sys

21:48:30.0623 2800  aswSP - ok

21:48:30.0638 2800  [ C3EC420451AC5300A22190AE38418FBA ] aswTdi          C:\windows\system32\drivers\aswTdi.sys

21:48:30.0638 2800  aswTdi - ok

21:48:30.0669 2800  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys

21:48:30.0732 2800  AsyncMac - ok

21:48:30.0779 2800  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys

21:48:30.0794 2800  atapi - ok

21:48:30.0903 2800  [ 3D68A1EEF77307142636AF5127990BCB ] athr            C:\windows\system32\DRIVERS\athrx.sys

21:48:30.0997 2800  athr - ok

21:48:31.0044 2800  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

21:48:31.0106 2800  AudioEndpointBuilder - ok

21:48:31.0122 2800  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll

21:48:31.0153 2800  AudioSrv - ok

21:48:31.0231 2800  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe

21:48:31.0231 2800  avast! Antivirus - ok

21:48:31.0278 2800  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll

21:48:31.0309 2800  AxInstSV - ok

21:48:31.0356 2800  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys

21:48:31.0387 2800  b06bdrv - ok

21:48:31.0434 2800  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys

21:48:31.0465 2800  b57nd60a - ok

21:48:31.0512 2800  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll

21:48:31.0527 2800  BDESVC - ok

21:48:31.0559 2800  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys

21:48:31.0605 2800  Beep - ok

21:48:31.0668 2800  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll

21:48:31.0730 2800  BFE - ok

21:48:31.0761 2800  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll

21:48:31.0824 2800  BITS - ok

21:48:31.0839 2800  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys

21:48:31.0871 2800  blbdrive - ok

21:48:31.0902 2800  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys

21:48:31.0933 2800  bowser - ok

21:48:31.0964 2800  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys

21:48:31.0980 2800  BrFiltLo - ok

21:48:32.0011 2800  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys

21:48:32.0011 2800  BrFiltUp - ok

21:48:32.0058 2800  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll

21:48:32.0089 2800  Browser - ok

21:48:32.0120 2800  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys

21:48:32.0151 2800  Brserid - ok

21:48:32.0167 2800  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys

21:48:32.0198 2800  BrSerWdm - ok

21:48:32.0198 2800  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys

21:48:32.0229 2800  BrUsbMdm - ok

21:48:32.0245 2800  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys

21:48:32.0276 2800  BrUsbSer - ok

21:48:32.0323 2800  [ 9D95F74875491CECBF9E10A5936A570E ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys

21:48:32.0323 2800  BtFilter - ok

21:48:32.0354 2800  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys

21:48:32.0385 2800  BthEnum - ok

21:48:32.0401 2800  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys

21:48:32.0432 2800  BTHMODEM - ok

21:48:32.0463 2800  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys

21:48:32.0495 2800  BthPan - ok

21:48:32.0526 2800  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys

21:48:32.0557 2800  BTHPORT - ok

21:48:32.0588 2800  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll

21:48:32.0619 2800  bthserv - ok

21:48:32.0635 2800  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys

21:48:32.0651 2800  BTHUSB - ok

21:48:32.0682 2800  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys

21:48:32.0713 2800  cdfs - ok

21:48:32.0760 2800  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys

21:48:32.0775 2800  cdrom - ok

21:48:32.0791 2800  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll

21:48:32.0838 2800  CertPropSvc - ok

21:48:32.0885 2800  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys

21:48:32.0900 2800  circlass - ok

21:48:32.0931 2800  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys

21:48:32.0947 2800  CLFS - ok

21:48:33.0056 2800  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:48:33.0072 2800  clr_optimization_v2.0.50727_32 - ok

21:48:33.0119 2800  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

21:48:33.0134 2800  clr_optimization_v2.0.50727_64 - ok

21:48:33.0197 2800  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:48:33.0212 2800  clr_optimization_v4.0.30319_32 - ok

21:48:33.0259 2800  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

21:48:33.0275 2800  clr_optimization_v4.0.30319_64 - ok

21:48:33.0321 2800  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys

21:48:33.0321 2800  clwvd - ok

21:48:33.0353 2800  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys

21:48:33.0368 2800  CmBatt - ok

21:48:33.0399 2800  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys

21:48:33.0415 2800  cmdide - ok

21:48:33.0431 2800  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys

21:48:33.0462 2800  CNG - ok

21:48:33.0493 2800  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys

21:48:33.0509 2800  Compbatt - ok

21:48:33.0524 2800  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys

21:48:33.0555 2800  CompositeBus - ok

21:48:33.0587 2800  COMSysApp - ok

21:48:33.0618 2800  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys

21:48:33.0618 2800  crcdisk - ok

21:48:33.0665 2800  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\windows\system32\cryptsvc.dll

21:48:33.0696 2800  CryptSvc - ok

21:48:33.0743 2800  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll

21:48:33.0805 2800  DcomLaunch - ok

21:48:33.0836 2800  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll

21:48:33.0883 2800  defragsvc - ok

21:48:33.0930 2800  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys

21:48:33.0961 2800  DfsC - ok

21:48:34.0008 2800  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll

21:48:34.0055 2800  Dhcp - ok

21:48:34.0070 2800  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys

21:48:34.0117 2800  discache - ok

21:48:34.0164 2800  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys

21:48:34.0164 2800  Disk - ok

21:48:34.0211 2800  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll

21:48:34.0242 2800  Dnscache - ok

21:48:34.0257 2800  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll

21:48:34.0304 2800  dot3svc - ok

21:48:34.0320 2800  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll

21:48:34.0367 2800  DPS - ok

21:48:34.0398 2800  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys

21:48:34.0429 2800  drmkaud - ok

21:48:34.0476 2800  [ D52EEB224DF107AAD9059597F0EB95CC ] DslMNLwf        C:\windows\system32\DRIVERS\dslmnlwf.sys

21:48:34.0476 2800  DslMNLwf - ok

21:48:34.0507 2800  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys

21:48:34.0538 2800  DXGKrnl - ok

21:48:34.0569 2800  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll

21:48:34.0616 2800  EapHost - ok

21:48:34.0679 2800  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys

21:48:34.0772 2800  ebdrv - ok

21:48:34.0819 2800  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe

21:48:34.0835 2800  EFS - ok

21:48:34.0897 2800  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe

21:48:34.0928 2800  ehRecvr - ok

21:48:34.0975 2800  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe

21:48:35.0006 2800  ehSched - ok

21:48:35.0053 2800  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys

21:48:35.0069 2800  elxstor - ok

21:48:35.0084 2800  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys

21:48:35.0115 2800  ErrDev - ok

21:48:35.0162 2800  [ 9D8739A2A2173C9D27C499A3FC6EDA3F ] ETD             C:\windows\system32\DRIVERS\ETD.sys

21:48:35.0178 2800  ETD - ok

21:48:35.0225 2800  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll

21:48:35.0256 2800  EventSystem - ok

21:48:35.0287 2800  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys

21:48:35.0334 2800  exfat - ok

21:48:35.0349 2800  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys

21:48:35.0396 2800  fastfat - ok

21:48:35.0427 2800  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe

21:48:35.0459 2800  Fax - ok

21:48:35.0490 2800  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys

21:48:35.0521 2800  fdc - ok

21:48:35.0552 2800  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll

21:48:35.0583 2800  fdPHost - ok

21:48:35.0599 2800  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll

21:48:35.0630 2800  FDResPub - ok

21:48:35.0646 2800  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys

21:48:35.0661 2800  FileInfo - ok

21:48:35.0677 2800  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys

21:48:35.0724 2800  Filetrace - ok

21:48:35.0739 2800  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys

21:48:35.0755 2800  flpydisk - ok

21:48:35.0786 2800  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys

21:48:35.0802 2800  FltMgr - ok

21:48:35.0833 2800  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll

21:48:35.0880 2800  FontCache - ok

21:48:35.0927 2800  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:48:35.0927 2800  FontCache3.0.0.0 - ok

21:48:35.0942 2800  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys

21:48:35.0958 2800  FsDepends - ok

21:48:35.0989 2800  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys

21:48:36.0005 2800  Fs_Rec - ok

21:48:36.0036 2800  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys

21:48:36.0051 2800  fvevol - ok

21:48:36.0083 2800  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys

21:48:36.0098 2800  gagp30kx - ok

21:48:36.0129 2800  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll

21:48:36.0176 2800  gpsvc - ok

21:48:36.0223 2800  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

21:48:36.0223 2800  gusvc - ok

21:48:36.0254 2800  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys

21:48:36.0285 2800  hcw85cir - ok

21:48:36.0317 2800  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

21:48:36.0348 2800  HdAudAddService - ok

21:48:36.0379 2800  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys

21:48:36.0395 2800  HDAudBus - ok

21:48:36.0426 2800  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys

21:48:36.0441 2800  HidBatt - ok

21:48:36.0457 2800  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys

21:48:36.0473 2800  HidBth - ok

21:48:36.0504 2800  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys

21:48:36.0519 2800  HidIr - ok

21:48:36.0535 2800  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll

21:48:36.0566 2800  hidserv - ok

21:48:36.0613 2800  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys

21:48:36.0629 2800  HidUsb - ok

21:48:36.0660 2800  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll

21:48:36.0707 2800  hkmsvc - ok

21:48:36.0753 2800  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

21:48:36.0785 2800  HomeGroupListener - ok

21:48:36.0816 2800  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

21:48:36.0831 2800  HomeGroupProvider - ok

21:48:36.0863 2800  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys

21:48:36.0878 2800  HpSAMD - ok

21:48:36.0909 2800  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys

21:48:36.0956 2800  HTTP - ok

21:48:37.0003 2800  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys

21:48:37.0003 2800  hwpolicy - ok

21:48:37.0050 2800  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys

21:48:37.0050 2800  i8042prt - ok

21:48:37.0081 2800  [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys

21:48:37.0097 2800  iaStor - ok

21:48:37.0128 2800  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys

21:48:37.0143 2800  iaStorV - ok

21:48:37.0175 2800  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:48:37.0206 2800  idsvc - ok

21:48:37.0315 2800  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys

21:48:37.0455 2800  igfx - ok

21:48:37.0487 2800  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys

21:48:37.0502 2800  iirsp - ok

21:48:37.0627 2800  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll

21:48:37.0705 2800  IKEEXT - ok

21:48:37.0783 2800  [ 65F70696BE5ABC11634FCF96AF7D7896 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys

21:48:37.0830 2800  IntcAzAudAddService - ok

21:48:37.0845 2800  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys

21:48:37.0845 2800  intelide - ok

21:48:37.0892 2800  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys

21:48:37.0908 2800  intelppm - ok

21:48:37.0955 2800  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll

21:48:38.0001 2800  IPBusEnum - ok

21:48:38.0017 2800  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys

21:48:38.0064 2800  IpFilterDriver - ok

21:48:38.0095 2800  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll

21:48:38.0142 2800  iphlpsvc - ok

21:48:38.0157 2800  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys

21:48:38.0173 2800  IPMIDRV - ok

21:48:38.0204 2800  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys

21:48:38.0251 2800  IPNAT - ok

21:48:38.0282 2800  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys

21:48:38.0298 2800  IRENUM - ok

21:48:38.0329 2800  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys

21:48:38.0345 2800  isapnp - ok

21:48:38.0376 2800  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys

21:48:38.0391 2800  iScsiPrt - ok

21:48:38.0407 2800  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys

21:48:38.0423 2800  kbdclass - ok

21:48:38.0438 2800  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys

21:48:38.0469 2800  kbdhid - ok

21:48:38.0501 2800  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe

21:48:38.0501 2800  KeyIso - ok

21:48:38.0532 2800  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys

21:48:38.0532 2800  KSecDD - ok

21:48:38.0547 2800  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys

21:48:38.0563 2800  KSecPkg - ok

21:48:38.0594 2800  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys

21:48:38.0641 2800  ksthunk - ok

21:48:38.0672 2800  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll

21:48:38.0703 2800  KtmRm - ok

21:48:38.0750 2800  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll

21:48:38.0797 2800  LanmanServer - ok

21:48:38.0828 2800  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

21:48:38.0859 2800  LanmanWorkstation - ok

21:48:38.0891 2800  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys

21:48:38.0937 2800  lltdio - ok

21:48:38.0969 2800  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll

21:48:39.0000 2800  lltdsvc - ok

21:48:39.0015 2800  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll

21:48:39.0062 2800  lmhosts - ok

21:48:39.0125 2800  [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

21:48:39.0140 2800  LMS - ok

21:48:39.0156 2800  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys

21:48:39.0156 2800  LSI_FC - ok

21:48:39.0187 2800  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys

21:48:39.0203 2800  LSI_SAS - ok

21:48:39.0218 2800  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys

21:48:39.0234 2800  LSI_SAS2 - ok

21:48:39.0234 2800  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys

21:48:39.0249 2800  LSI_SCSI - ok

21:48:39.0281 2800  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys

21:48:39.0327 2800  luafv - ok

21:48:39.0374 2800  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\windows\system32\DRIVERS\lvrs64.sys

21:48:39.0374 2800  LVRS64 - ok

21:48:39.0437 2800  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys

21:48:39.0452 2800  MBAMProtector - ok

21:48:39.0499 2800  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

21:48:39.0515 2800  MBAMService - ok

21:48:39.0546 2800  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll

21:48:39.0577 2800  Mcx2Svc - ok

21:48:39.0608 2800  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys

21:48:39.0608 2800  megasas - ok

21:48:39.0639 2800  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys

21:48:39.0639 2800  MegaSR - ok

21:48:39.0686 2800  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys

21:48:39.0702 2800  MEIx64 - ok

21:48:39.0717 2800  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll

21:48:39.0749 2800  MMCSS - ok

21:48:39.0764 2800  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys

21:48:39.0811 2800  Modem - ok

21:48:39.0842 2800  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys

21:48:39.0873 2800  monitor - ok

21:48:39.0889 2800  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys

21:48:39.0905 2800  mouclass - ok

21:48:39.0936 2800  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys

21:48:39.0967 2800  mouhid - ok

21:48:39.0983 2800  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys

21:48:39.0998 2800  mountmgr - ok

21:48:40.0045 2800  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

21:48:40.0061 2800  MozillaMaintenance - ok

21:48:40.0076 2800  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys

21:48:40.0092 2800  mpio - ok

21:48:40.0107 2800  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys

21:48:40.0123 2800  mpsdrv - ok

21:48:40.0170 2800  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll

21:48:40.0217 2800  MpsSvc - ok

21:48:40.0232 2800  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys

21:48:40.0263 2800  MRxDAV - ok

21:48:40.0279 2800  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys

21:48:40.0310 2800  mrxsmb - ok

21:48:40.0341 2800  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys

21:48:40.0341 2800  mrxsmb10 - ok

21:48:40.0388 2800  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys

21:48:40.0388 2800  mrxsmb20 - ok

21:48:40.0419 2800  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys

21:48:40.0419 2800  msahci - ok

21:48:40.0435 2800  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys

21:48:40.0451 2800  msdsm - ok

21:48:40.0466 2800  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe

21:48:40.0497 2800  MSDTC - ok

21:48:40.0529 2800  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys

21:48:40.0575 2800  Msfs - ok

21:48:40.0607 2800  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys

21:48:40.0638 2800  mshidkmdf - ok

21:48:40.0653 2800  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys

21:48:40.0653 2800  msisadrv - ok

21:48:40.0685 2800  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll

21:48:40.0731 2800  MSiSCSI - ok

21:48:40.0731 2800  msiserver - ok

21:48:40.0763 2800  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys

21:48:40.0794 2800  MSKSSRV - ok

21:48:40.0809 2800  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys

21:48:40.0841 2800  MSPCLOCK - ok

21:48:40.0872 2800  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys

21:48:40.0919 2800  MSPQM - ok

21:48:40.0934 2800  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys

21:48:40.0950 2800  MsRPC - ok

21:48:40.0965 2800  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys

21:48:40.0965 2800  mssmbios - ok

21:48:40.0997 2800  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys

21:48:41.0028 2800  MSTEE - ok

21:48:41.0059 2800  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys

21:48:41.0075 2800  MTConfig - ok

21:48:41.0090 2800  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys

21:48:41.0106 2800  Mup - ok

21:48:41.0137 2800  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll

21:48:41.0184 2800  napagent - ok

21:48:41.0231 2800  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys

21:48:41.0262 2800  NativeWifiP - ok

21:48:41.0309 2800  [ C38B8AE57F78915905064A9A24DC1586 ] NDIS            C:\windows\system32\drivers\ndis.sys

21:48:41.0324 2800  NDIS - ok

21:48:41.0355 2800  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys

21:48:41.0402 2800  NdisCap - ok

21:48:41.0433 2800  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys

21:48:41.0465 2800  NdisTapi - ok

21:48:41.0480 2800  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys

21:48:41.0527 2800  Ndisuio - ok

21:48:41.0543 2800  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys

21:48:41.0589 2800  NdisWan - ok

21:48:41.0621 2800  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys

21:48:41.0652 2800  NDProxy - ok

21:48:41.0683 2800  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys

21:48:41.0714 2800  NetBIOS - ok

21:48:41.0761 2800  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys

21:48:41.0792 2800  NetBT - ok

21:48:41.0823 2800  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe

21:48:41.0839 2800  Netlogon - ok

21:48:41.0870 2800  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll

21:48:41.0917 2800  Netman - ok

21:48:41.0917 2800  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll

21:48:41.0964 2800  netprofm - ok

21:48:41.0995 2800  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:48:41.0995 2800  NetTcpPortSharing - ok

21:48:42.0026 2800  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys

21:48:42.0042 2800  nfrd960 - ok

21:48:42.0057 2800  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\windows\System32\nlasvc.dll

21:48:42.0120 2800  NlaSvc - ok

21:48:42.0135 2800  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys

21:48:42.0167 2800  Npfs - ok

21:48:42.0182 2800  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll

21:48:42.0229 2800  nsi - ok

21:48:42.0245 2800  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys

21:48:42.0291 2800  nsiproxy - ok

21:48:42.0323 2800  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys

21:48:42.0369 2800  Ntfs - ok

21:48:42.0385 2800  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys

21:48:42.0416 2800  Null - ok

21:48:42.0463 2800  [ F2662FDC20518EE8A8EED4F61BA42349 ] NVHDA           C:\windows\system32\drivers\nvhda64v.sys

21:48:42.0463 2800  NVHDA - ok

21:48:42.0713 2800  [ E4C35EFDE340F3A18123AE85104B2B82 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys

21:48:42.0869 2800  nvlddmkm - ok

21:48:42.0900 2800  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys

21:48:42.0900 2800  nvraid - ok

21:48:42.0931 2800  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys

21:48:42.0947 2800  nvstor - ok

21:48:42.0993 2800  [ 7E4D066D8BE847723807EF161B78BF07 ] NVSvc           C:\windows\system32\nvvsvc.exe

21:48:43.0009 2800  NVSvc - ok

21:48:43.0056 2800  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys

21:48:43.0056 2800  nv_agp - ok

21:48:43.0118 2800  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

21:48:43.0134 2800  odserv - ok

21:48:43.0149 2800  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys

21:48:43.0165 2800  ohci1394 - ok

21:48:43.0196 2800  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:48:43.0212 2800  ose - ok

21:48:43.0243 2800  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll

21:48:43.0259 2800  p2pimsvc - ok

21:48:43.0290 2800  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll

21:48:43.0337 2800  p2psvc - ok

21:48:43.0368 2800  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys

21:48:43.0399 2800  Parport - ok

21:48:43.0430 2800  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys

21:48:43.0446 2800  partmgr - ok

21:48:43.0461 2800  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll

21:48:43.0493 2800  PcaSvc - ok

21:48:43.0524 2800  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys

21:48:43.0539 2800  pci - ok

21:48:43.0555 2800  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys

21:48:43.0555 2800  pciide - ok

21:48:43.0571 2800  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys

21:48:43.0586 2800  pcmcia - ok

21:48:43.0602 2800  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys

21:48:43.0602 2800  pcw - ok

21:48:43.0633 2800  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys

21:48:43.0680 2800  PEAUTH - ok

21:48:43.0758 2800  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe

21:48:43.0789 2800  PerfHost - ok

21:48:43.0836 2800  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll

21:48:43.0898 2800  pla - ok

21:48:43.0945 2800  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll

21:48:43.0976 2800  PlugPlay - ok

21:48:43.0992 2800  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll

21:48:44.0023 2800  PNRPAutoReg - ok

21:48:44.0054 2800  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll

21:48:44.0070 2800  PNRPsvc - ok

21:48:44.0085 2800  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll

21:48:44.0132 2800  PolicyAgent - ok

21:48:44.0163 2800  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll

21:48:44.0195 2800  Power - ok

21:48:44.0226 2800  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys

21:48:44.0257 2800  PptpMiniport - ok

21:48:44.0273 2800  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys

21:48:44.0288 2800  Processor - ok

21:48:44.0319 2800  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll

21:48:44.0351 2800  ProfSvc - ok

21:48:44.0366 2800  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

21:48:44.0382 2800  ProtectedStorage - ok

21:48:44.0413 2800  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys

21:48:44.0460 2800  Psched - ok

21:48:44.0475 2800  [ CCE65976AAEB1DB4C3B98243B8AC448E ] PVUSB           C:\windows\system32\DRIVERS\CESG64.sys

21:48:44.0491 2800  PVUSB - ok

21:48:44.0538 2800  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys

21:48:44.0569 2800  ql2300 - ok

21:48:44.0585 2800  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys

21:48:44.0585 2800  ql40xx - ok

21:48:44.0616 2800  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll

21:48:44.0631 2800  QWAVE - ok

21:48:44.0663 2800  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys

21:48:44.0678 2800  QWAVEdrv - ok

21:48:44.0694 2800  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys

21:48:44.0741 2800  RasAcd - ok

21:48:44.0787 2800  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys

21:48:44.0834 2800  RasAgileVpn - ok

21:48:44.0850 2800  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll

21:48:44.0897 2800  RasAuto - ok

21:48:44.0928 2800  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys

21:48:44.0959 2800  Rasl2tp - ok

21:48:44.0990 2800  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll

21:48:45.0037 2800  RasMan - ok

21:48:45.0053 2800  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys

21:48:45.0084 2800  RasPppoe - ok

21:48:45.0115 2800  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys

21:48:45.0146 2800  RasSstp - ok

21:48:45.0162 2800  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys

21:48:45.0209 2800  rdbss - ok

21:48:45.0224 2800  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys

21:48:45.0255 2800  rdpbus - ok

21:48:45.0271 2800  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys

21:48:45.0302 2800  RDPCDD - ok

21:48:45.0302 2800  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys

21:48:45.0349 2800  RDPENCDD - ok

21:48:45.0365 2800  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys

21:48:45.0411 2800  RDPREFMP - ok

21:48:45.0427 2800  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys

21:48:45.0458 2800  RDPWD - ok

21:48:45.0489 2800  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys

21:48:45.0489 2800  rdyboost - ok

21:48:45.0521 2800  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll

21:48:45.0567 2800  RemoteAccess - ok

21:48:45.0614 2800  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll

21:48:45.0661 2800  RemoteRegistry - ok

21:48:45.0708 2800  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys

21:48:45.0723 2800  RFCOMM - ok

21:48:45.0739 2800  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll

21:48:45.0786 2800  RpcEptMapper - ok

21:48:45.0817 2800  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe

21:48:45.0817 2800  RpcLocator - ok

21:48:45.0833 2800  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll

21:48:45.0864 2800  RpcSs - ok

21:48:45.0895 2800  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys

21:48:45.0942 2800  rspndr - ok

21:48:45.0989 2800  [ EA5532868BA76923D75BCB2A1448D810 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys

21:48:46.0004 2800  RTL8167 - ok

21:48:46.0082 2800  [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport          C:\windows\SysWOW64\drivers\rtport.sys

21:48:46.0082 2800  rtport - ok

21:48:46.0129 2800  [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI            C:\windows\system32\Drivers\SABI.sys

21:48:46.0145 2800  SABI - ok

21:48:46.0160 2800  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe

21:48:46.0176 2800  SamSs - ok

21:48:46.0223 2800  [ D641337B75B9A9D5AE10687AA1097755 ] Samsung UPD Service C:\windows\System32\SUPDSvc.exe

21:48:46.0223 2800  Samsung UPD Service - ok

21:48:46.0254 2800  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys

21:48:46.0269 2800  sbp2port - ok

21:48:46.0285 2800  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll

21:48:46.0332 2800  SCardSvr - ok

21:48:46.0347 2800  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys

21:48:46.0394 2800  scfilter - ok

21:48:46.0410 2800  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll

21:48:46.0472 2800  Schedule - ok

21:48:46.0488 2800  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll

21:48:46.0519 2800  SCPolicySvc - ok

21:48:46.0550 2800  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll

21:48:46.0581 2800  SDRSVC - ok

21:48:46.0597 2800  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys

21:48:46.0644 2800  secdrv - ok

21:48:46.0659 2800  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll

21:48:46.0706 2800  seclogon - ok

21:48:46.0722 2800  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll

21:48:46.0753 2800  SENS - ok

21:48:46.0800 2800  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll

21:48:46.0831 2800  SensrSvc - ok

21:48:46.0847 2800  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys

21:48:46.0862 2800  Serenum - ok

21:48:46.0893 2800  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys

21:48:46.0925 2800  Serial - ok

21:48:46.0956 2800  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys

21:48:46.0987 2800  sermouse - ok

21:48:47.0003 2800  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll

21:48:47.0034 2800  SessionEnv - ok

21:48:47.0049 2800  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys

21:48:47.0065 2800  sffdisk - ok

21:48:47.0081 2800  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys

21:48:47.0112 2800  sffp_mmc - ok

21:48:47.0112 2800  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys

21:48:47.0127 2800  sffp_sd - ok

21:48:47.0143 2800  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys

21:48:47.0174 2800  sfloppy - ok

21:48:47.0205 2800  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll

21:48:47.0252 2800  SharedAccess - ok

21:48:47.0268 2800  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

21:48:47.0315 2800  ShellHWDetection - ok

21:48:47.0346 2800  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys

21:48:47.0361 2800  SiSRaid2 - ok

21:48:47.0361 2800  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys

21:48:47.0377 2800  SiSRaid4 - ok

21:48:47.0393 2800  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys

21:48:47.0439 2800  Smb - ok

21:48:47.0455 2800  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe

21:48:47.0486 2800  SNMPTRAP - ok

21:48:47.0517 2800  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys

21:48:47.0517 2800  spldr - ok

21:48:47.0564 2800  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe

21:48:47.0580 2800  Spooler - ok

21:48:47.0658 2800  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe

21:48:47.0767 2800  sppsvc - ok

21:48:47.0783 2800  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll

21:48:47.0829 2800  sppuinotify - ok

21:48:47.0845 2800  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys

21:48:47.0876 2800  srv - ok

21:48:47.0892 2800  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys

21:48:47.0923 2800  srv2 - ok

21:48:47.0954 2800  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys

21:48:47.0970 2800  srvnet - ok

21:48:48.0017 2800  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\windows\system32\DRIVERS\ssadbus.sys

21:48:48.0048 2800  ssadbus - ok

21:48:48.0095 2800  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\windows\system32\DRIVERS\ssadmdfl.sys

21:48:48.0110 2800  ssadmdfl - ok

21:48:48.0126 2800  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\windows\system32\DRIVERS\ssadmdm.sys

21:48:48.0157 2800  ssadmdm - ok

21:48:48.0188 2800  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll

21:48:48.0235 2800  SSDPSRV - ok

21:48:48.0297 2800  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\windows\system32\Drivers\SSPORT.sys

21:48:48.0297 2800  SSPORT - ok

21:48:48.0329 2800  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll

21:48:48.0360 2800  SstpSvc - ok

21:48:48.0375 2800  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys

21:48:48.0391 2800  stexstor - ok

21:48:48.0422 2800  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\windows\system32\DRIVERS\serscan.sys

21:48:48.0438 2800  StillCam - ok

21:48:48.0485 2800  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll

21:48:48.0516 2800  stisvc - ok

21:48:48.0547 2800  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys

21:48:48.0547 2800  swenum - ok

21:48:48.0578 2800  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll

21:48:48.0625 2800  swprv - ok

21:48:48.0672 2800  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll

21:48:48.0734 2800  SysMain - ok

21:48:48.0750 2800  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

21:48:48.0781 2800  TabletInputService - ok

21:48:48.0797 2800  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll

21:48:48.0843 2800  TapiSrv - ok

21:48:48.0859 2800  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll

21:48:48.0906 2800  TBS - ok

21:48:48.0968 2800  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\windows\system32\drivers\tcpip.sys

21:48:49.0015 2800  Tcpip - ok

21:48:49.0062 2800  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys

21:48:49.0093 2800  TCPIP6 - ok

21:48:49.0109 2800  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys

21:48:49.0155 2800  tcpipreg - ok

21:48:49.0171 2800  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys

21:48:49.0187 2800  TDPIPE - ok

21:48:49.0218 2800  TDslMgrService - ok

21:48:49.0233 2800  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys

21:48:49.0249 2800  TDTCP - ok

21:48:49.0265 2800  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys

21:48:49.0311 2800  tdx - ok

21:48:49.0327 2800  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys

21:48:49.0343 2800  TermDD - ok

21:48:49.0374 2800  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll

21:48:49.0421 2800  TermService - ok

21:48:49.0452 2800  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll

21:48:49.0467 2800  Themes - ok

21:48:49.0499 2800  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll

21:48:49.0514 2800  THREADORDER - ok

21:48:49.0530 2800  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll

21:48:49.0561 2800  TrkWks - ok

21:48:49.0623 2800  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

21:48:49.0655 2800  TrustedInstaller - ok

21:48:49.0686 2800  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys

21:48:49.0717 2800  tssecsrv - ok

21:48:49.0748 2800  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys

21:48:49.0764 2800  TsUsbFlt - ok

21:48:49.0795 2800  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys

21:48:49.0811 2800  TsUsbGD - ok

21:48:49.0857 2800  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys

21:48:49.0889 2800  tunnel - ok

21:48:49.0904 2800  [ 48743B69EA47C020A792D8649F753F44 ] TurboB          C:\windows\system32\DRIVERS\TurboB.sys

21:48:49.0920 2800  TurboB - ok

21:48:49.0998 2800  [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe

21:48:50.0013 2800  TurboBoost - ok

21:48:50.0029 2800  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys

21:48:50.0045 2800  uagp35 - ok

21:48:50.0060 2800  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys

21:48:50.0107 2800  udfs - ok

21:48:50.0138 2800  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe

21:48:50.0154 2800  UI0Detect - ok

21:48:50.0185 2800  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys

21:48:50.0201 2800  uliagpkx - ok

21:48:50.0216 2800  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys

21:48:50.0247 2800  umbus - ok

21:48:50.0263 2800  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys

21:48:50.0279 2800  UmPass - ok

21:48:50.0357 2800  [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

21:48:50.0403 2800  UNS - ok

21:48:50.0435 2800  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll

21:48:50.0481 2800  upnphost - ok

21:48:50.0528 2800  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys

21:48:50.0559 2800  usbaudio - ok

21:48:50.0591 2800  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys

21:48:50.0606 2800  usbccgp - ok

21:48:50.0637 2800  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys

21:48:50.0669 2800  usbcir - ok

21:48:50.0700 2800  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys

21:48:50.0731 2800  usbehci - ok

21:48:50.0762 2800  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys

21:48:50.0793 2800  usbhub - ok

21:48:50.0809 2800  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys

21:48:50.0825 2800  usbohci - ok

21:48:50.0871 2800  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys

21:48:50.0887 2800  usbprint - ok

21:48:50.0918 2800  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS

21:48:50.0949 2800  USBSTOR - ok

21:48:50.0996 2800  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys

21:48:51.0012 2800  usbuhci - ok

21:48:51.0059 2800  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys

21:48:51.0090 2800  usbvideo - ok

21:48:51.0137 2800  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\windows\system32\DRIVERS\usb8023x.sys

21:48:51.0152 2800  usb_rndisx - ok

21:48:51.0183 2800  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll

21:48:51.0230 2800  UxSms - ok

21:48:51.0230 2800  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe

21:48:51.0246 2800  VaultSvc - ok

21:48:51.0293 2800  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys

21:48:51.0293 2800  vdrvroot - ok

21:48:51.0324 2800  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe

21:48:51.0355 2800  vds - ok

21:48:51.0371 2800  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys

21:48:51.0386 2800  vga - ok

21:48:51.0402 2800  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys

21:48:51.0433 2800  VgaSave - ok

21:48:51.0464 2800  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys

21:48:51.0480 2800  vhdmp - ok

21:48:51.0495 2800  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys

21:48:51.0495 2800  viaide - ok

21:48:51.0527 2800  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys

21:48:51.0527 2800  volmgr - ok

21:48:51.0573 2800  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys

21:48:51.0589 2800  volmgrx - ok

21:48:51.0605 2800  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys

21:48:51.0620 2800  volsnap - ok

21:48:51.0636 2800  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys

21:48:51.0651 2800  vsmraid - ok

21:48:51.0683 2800  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe

21:48:51.0745 2800  VSS - ok

21:48:51.0776 2800  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys

21:48:51.0807 2800  vwifibus - ok

21:48:51.0839 2800  [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys

21:48:51.0854 2800  vwififlt - ok

21:48:51.0885 2800  [ 49003B357D101CDC474937437ECF5ABC ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys

21:48:51.0901 2800  vwifimp - ok

21:48:51.0932 2800  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll

21:48:51.0979 2800  W32Time - ok

21:48:51.0995 2800  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys

21:48:52.0010 2800  WacomPen - ok

21:48:52.0041 2800  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys

21:48:52.0088 2800  WANARP - ok

21:48:52.0088 2800  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys

21:48:52.0119 2800  Wanarpv6 - ok

21:48:52.0197 2800  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe

21:48:52.0229 2800  WatAdminSvc - ok

21:48:52.0275 2800  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe

21:48:52.0322 2800  wbengine - ok

21:48:52.0322 2800  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll

21:48:52.0353 2800  WbioSrvc - ok

21:48:52.0385 2800  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll

21:48:52.0400 2800  wcncsvc - ok

21:48:52.0416 2800  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

21:48:52.0431 2800  WcsPlugInService - ok

21:48:52.0447 2800  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys

21:48:52.0463 2800  Wd - ok

21:48:52.0509 2800  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\windows\system32\DRIVERS\wdcsam64.sys

21:48:52.0525 2800  WDC_SAM ( UnsignedFile.Multi.Generic ) - warning

21:48:52.0525 2800  WDC_SAM - detected UnsignedFile.Multi.Generic (1)

21:48:52.0556 2800  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys

21:48:52.0572 2800  Wdf01000 - ok

21:48:52.0603 2800  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll

21:48:52.0634 2800  WdiServiceHost - ok

21:48:52.0634 2800  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll

21:48:52.0650 2800  WdiSystemHost - ok

21:48:52.0681 2800  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll

21:48:52.0712 2800  WebClient - ok

21:48:52.0743 2800  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll

21:48:52.0790 2800  Wecsvc - ok

21:48:52.0806 2800  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll

21:48:52.0837 2800  wercplsupport - ok

21:48:52.0853 2800  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll

21:48:52.0899 2800  WerSvc - ok

21:48:52.0931 2800  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys

21:48:52.0946 2800  WfpLwf - ok

21:48:52.0977 2800  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys

21:48:52.0993 2800  WIMMount - ok

21:48:53.0024 2800  WinDefend - ok

21:48:53.0024 2800  WinHttpAutoProxySvc - ok

21:48:53.0087 2800  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll

21:48:53.0118 2800  Winmgmt - ok

21:48:53.0180 2800  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll

21:48:53.0227 2800  WinRM - ok

21:48:53.0289 2800  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys

21:48:53.0321 2800  WinUsb - ok

21:48:53.0352 2800  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll

21:48:53.0399 2800  Wlansvc - ok

21:48:53.0508 2800  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe

21:48:53.0508 2800  wlcrasvc - ok

21:48:53.0664 2800  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

21:48:53.0695 2800  wlidsvc - ok

21:48:53.0711 2800  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys

21:48:53.0742 2800  WmiAcpi - ok

21:48:53.0773 2800  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe

21:48:53.0789 2800  wmiApSrv - ok

21:48:53.0804 2800  WMPNetworkSvc - ok

21:48:53.0835 2800  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll

21:48:53.0851 2800  WPCSvc - ok

21:48:53.0867 2800  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll

21:48:53.0882 2800  WPDBusEnum - ok

21:48:53.0898 2800  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys

21:48:53.0929 2800  ws2ifsl - ok

21:48:53.0945 2800  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll

21:48:53.0976 2800  wscsvc - ok

21:48:53.0976 2800  WSearch - ok

21:48:54.0038 2800  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll

21:48:54.0085 2800  wuauserv - ok

21:48:54.0132 2800  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\windows\system32\drivers\WudfPf.sys

21:48:54.0163 2800  WudfPf - ok

21:48:54.0179 2800  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys

21:48:54.0225 2800  WUDFRd - ok

21:48:54.0257 2800  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\windows\System32\WUDFSvc.dll

21:48:54.0288 2800  wudfsvc - ok

21:48:54.0303 2800  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll

21:48:54.0335 2800  WwanSvc - ok

21:48:54.0366 2800  ================ Scan global ===============================

21:48:54.0381 2800  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

21:48:54.0413 2800  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

21:48:54.0413 2800  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

21:48:54.0444 2800  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

21:48:54.0459 2800  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

21:48:54.0475 2800  [Global] - ok

21:48:54.0475 2800  ================ Scan MBR ==================================

21:48:54.0475 2800  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0

21:48:54.0927 2800  \Device\Harddisk0\DR0 - ok

21:48:54.0927 2800  ================ Scan VBR ==================================

21:48:54.0927 2800  [ FD9F4EBD5E220402B70FEE7FBD492011 ] \Device\Harddisk0\DR0\Partition1

21:48:54.0943 2800  \Device\Harddisk0\DR0\Partition1 - ok

21:48:54.0959 2800  [ 2BF6DECEB2A2EC0BBD2E77757BE2222C ] \Device\Harddisk0\DR0\Partition2

21:48:54.0959 2800  \Device\Harddisk0\DR0\Partition2 - ok

21:48:54.0990 2800  [ C0AD4AFF0CC3D729B28620247EACF1F1 ] \Device\Harddisk0\DR0\Partition3

21:48:54.0990 2800  \Device\Harddisk0\DR0\Partition3 - ok

21:48:54.0990 2800  ============================================================

21:48:54.0990 2800  Scan finished

21:48:54.0990 2800  ============================================================

21:48:55.0005 4476  Detected object count: 1

21:48:55.0005 4476  Actual detected object count: 1

21:49:05.0894 4476  WDC_SAM ( UnsignedFile.Multi.Generic ) - skipped by user

21:49:05.0894 4476  WDC_SAM ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-09-10.03 - Isabelle 10.09.2012  17:09:49.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6124.4826 [GMT 2:00]

ausgeführt von:: c:\users\Isabelle\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\DEBUG.log

c:\windows\SysWow64\muzapp.exe

c:\windows\SysWow64\System32\MASetupCleaner.exe

c:\windows\SysWow64\System32\muzapp.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-08-10 bis 2012-09-10  ))))))))))))))))))))))))))))))

.

.

2012-09-10 15:14 . 2012-09-10 15:14        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-09-10 15:14 . 2012-09-10 15:14        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2012-09-10 11:12 . 2012-09-10 11:12        --------        d-----w-        c:\users\Isabelle\AppData\Local\Windows Live Writer

2012-09-10 11:12 . 2012-09-10 11:12        --------        d-----w-        c:\users\Isabelle\AppData\Roaming\Windows Live Writer

2012-09-10 09:30 . 2012-09-10 09:30        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{25362FA9-8305-46E9-8DBC-CC20E68C01EC}\offreg.dll

2012-09-09 11:45 . 2012-09-09 11:45        --------        d-----w-        c:\users\Isabelle\AppData\Local\fotokasten comfort

2012-09-07 09:39 . 2012-09-07 09:39        --------        d-----w-        C:\_OTL

2012-09-07 09:35 . 2012-08-23 08:26        9310152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{25362FA9-8305-46E9-8DBC-CC20E68C01EC}\mpengine.dll

2012-09-05 19:52 . 2012-09-05 19:52        --------        d-----w-        c:\windows\SysWow64\wbem\en-US

2012-09-05 19:52 . 2012-09-05 19:52        --------        d-----w-        c:\windows\system32\wbem\en-US

2012-09-05 06:57 . 2012-09-05 06:57        --------        d-----w-        c:\program files (x86)\ESET

2012-09-05 06:18 . 2012-09-05 06:18        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-05 06:18 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-09-01 17:09 . 2012-09-08 06:55        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service

2012-09-01 16:24 . 2012-09-01 16:24        --------        d-----w-        c:\users\Isabelle\AppData\Roaming\Malwarebytes

2012-09-01 16:23 . 2012-09-01 16:23        --------        d-----w-        c:\programdata\Malwarebytes

2012-09-01 09:26 . 2012-09-01 10:37        --------        d-----w-        c:\program files (x86)\FileMenuTools

2012-08-26 11:31 . 2012-08-26 11:31        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-08-26 11:31 . 2012-08-26 11:31        --------        d-----w-        c:\program files (x86)\lib

2012-08-26 11:30 . 2012-08-26 11:31        --------        d-----w-        c:\program files (x86)\bin

2012-08-26 11:25 . 2012-08-26 11:25        --------        d-----w-        c:\program files (x86)\Common Files\Java

2012-08-26 11:25 . 2012-08-26 11:30        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2012-08-19 18:08 . 2011-06-02 05:47        177640        ----a-w-        c:\windows\system32\drivers\ssadmdm.sys

2012-08-19 18:08 . 2011-06-02 05:47        16872        ----a-w-        c:\windows\system32\drivers\ssadmdfl.sys

2012-08-19 18:08 . 2011-06-02 05:47        157672        ----a-w-        c:\windows\system32\drivers\ssadbus.sys

2012-08-19 18:08 . 2011-06-02 05:47        13800        ----a-w-        c:\windows\system32\drivers\ssadwhnt.sys

2012-08-19 18:08 . 2011-06-02 05:47        13288        ----a-w-        c:\windows\system32\drivers\ssadcmnt.sys

2012-08-19 18:08 . 2012-08-19 18:09        --------        d-----w-        c:\program files (x86)\USB Drivers

2012-08-19 18:06 . 2012-09-04 07:40        --------        d-----w-        c:\program files (x86)\Kies

2012-08-15 17:29 . 2012-07-06 20:07        552960        ----a-w-        c:\windows\system32\drivers\bthport.sys

2012-08-15 15:48 . 2012-05-05 08:36        503808        ----a-w-        c:\windows\system32\srcore.dll

2012-08-15 15:48 . 2012-05-05 07:46        43008        ----a-w-        c:\windows\SysWow64\srclient.dll

2012-08-15 15:48 . 2012-02-11 06:43        751104        ----a-w-        c:\windows\system32\win32spl.dll

2012-08-15 15:48 . 2012-02-11 06:36        559104        ----a-w-        c:\windows\system32\spoolsv.exe

2012-08-15 15:48 . 2012-02-11 06:36        67072        ----a-w-        c:\windows\splwow64.exe

2012-08-15 15:48 . 2012-02-11 05:43        492032        ----a-w-        c:\windows\SysWow64\win32spl.dll

2012-08-15 15:45 . 2012-07-04 22:16        73216        ----a-w-        c:\windows\system32\netapi32.dll

2012-08-15 15:45 . 2012-07-04 22:13        59392        ----a-w-        c:\windows\system32\browcli.dll

2012-08-15 15:45 . 2012-07-04 22:13        136704        ----a-w-        c:\windows\system32\browser.dll

2012-08-15 15:45 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\SysWow64\browcli.dll

2012-08-15 15:45 . 2012-07-18 18:15        3148800        ----a-w-        c:\windows\system32\win32k.sys

2012-08-15 15:44 . 2012-05-14 05:26        956928        ----a-w-        c:\windows\system32\localspl.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-01 17:39 . 2012-04-17 19:06        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-01 17:39 . 2012-01-12 18:14        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-26 11:30 . 2012-02-22 13:22        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-08-21 09:13 . 2012-01-12 17:46        359464        ----a-w-        c:\windows\system32\drivers\aswSP.sys

2012-08-21 09:13 . 2012-01-12 17:46        969200        ----a-w-        c:\windows\system32\drivers\aswSnx.sys

2012-08-21 09:13 . 2012-01-12 17:46        59728        ----a-w-        c:\windows\system32\drivers\aswTdi.sys

2012-08-21 09:13 . 2012-02-24 15:49        54072        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys

2012-08-21 09:13 . 2012-01-12 17:46        71600        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2012-08-21 09:13 . 2012-01-12 17:46        25232        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys

2012-08-21 09:12 . 2012-01-12 17:46        41224        ----a-w-        c:\windows\avastSS.scr

2012-08-21 09:12 . 2012-01-12 17:46        227648        ----a-w-        c:\windows\SysWow64\aswBoot.exe

2012-08-21 09:12 . 2012-01-12 17:46        285328        ----a-w-        c:\windows\system32\aswBoot.exe

2012-08-15 17:26 . 2012-01-14 16:59        62134624        ----a-w-        c:\windows\system32\MRT.exe

2012-07-30 12:16 . 2012-01-12 20:28        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll

2012-06-26 07:02 . 2011-12-23 19:58        45320        ----a-w-        c:\windows\SysWow64\MAMACExtract.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19        94208        ----a-w-        c:\users\Isabelle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19        94208        ----a-w-        c:\users\Isabelle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19        94208        ----a-w-        c:\users\Isabelle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19        94208        ----a-w-        c:\users\Isabelle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Isabelle\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]

.

c:\users\Isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Isabelle\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 250056]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-06 289704]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]

R3 PVUSB;CESG502 64bit USB Driver;c:\windows\system32\DRIVERS\CESG64.sys [2007-02-19 63808]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]

R3 TDslMgrService;DSL-Manager;c:\program files (x86)\DSL-Manager\DslMgrSvc.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 19008]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-08-07 11576]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 31088]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-03-04 174184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 17:39]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:11        133400        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19        97792        ----a-w-        c:\users\Isabelle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19        97792        ----a-w-        c:\users\Isabelle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19        97792        ----a-w-        c:\users\Isabelle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19        97792        ----a-w-        c:\users\Isabelle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = 

mLocal Page = 

uSearchAssistant = 

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: ????3?? - c:\users\Isabelle\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: ????3?????? - c:\users\Isabelle\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

FF - ProfilePath - c:\users\Isabelle\AppData\Roaming\Mozilla\Firefox\Profiles\kbx3rbvp.default\

FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu

FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/?hl%3Dde%26tab%3Dwm&scc=1&ltmpl=googlemail&hl=de#inbox|https://www.facebook.com/home.php

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-MyFreeCodec - c:\users\Isabelle\Documents\samsung\Kies\1.0b beta\uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2027592733-4161651481-1790285415-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]

@="c:\\Users\\Isabelle\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"

"contexts"=dword:00000022

.

[HKEY_USERS\S-1-5-21-2027592733-4161651481-1790285415-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]

@="c:\\Users\\Isabelle\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"

"contexts"=dword:000000f3

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-09-10  17:16:35

ComboFix-quarantined-files.txt  2012-09-10 15:16

.

Vor Suchlauf: 9 Verzeichnis(se), 201.114.624.000 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 200.711.852.032 Bytes frei

.

- - End Of File - - 2DEB66ACB83FA989A7A70F8905AB480D

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Habe GMER, OSAM und aswMBR ausgeführt.

GMER:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-09-10 21:35:28

Windows 6.1.7601 Service Pack 1 

Running: 59qw60h8.exe
 
 

---- Registry - GMER 1.0.15 ----
 

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f1e1f4                      

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde6a3c77                      

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971071c90                      

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f1e1f4 (not active ControlSet)  

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde6a3c77 (not active ControlSet)  

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971071c90 (not active ControlSet)  
 

---- EOF - GMER 1.0.15 ----

OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 21:47:31 on 10.09.2012
 

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit

Default Browser: Mozilla Corporation Firefox 15.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\windows\system32\drivers\aswFsBlk.sys

"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\windows\system32\drivers\aswMonFlt.sys

"aswRdr" (aswRdr) - "AVAST Software" - C:\windows\System32\Drivers\aswrdr2.sys

"aswSnx" (aswSnx) - "AVAST Software" - C:\windows\system32\drivers\aswSnx.sys

"aswSP" (aswSP) - "AVAST Software" - C:\windows\system32\drivers\aswSP.sys

"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\windows\system32\drivers\aswTdi.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys

"rtport" (rtport) - "Windows (R) 2003 DDK 3790 provider" - C:\windows\SysWOW64\drivers\rtport.sys

"WD SCSI Pass Thru driver" (WDC_SAM) - "Western Digital Technologies" - C:\windows\System32\DRIVERS\wdcsam64.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll

{C1B2C38F-3DCA-4E3D-BC34-D5B87B636543} "FileMenuTools" - ? - C:\Program Files (x86)\FileMenuTools\App\FileMenu Tools\FileMenuTools.dll  (File not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - ? -   (File not found | COM-object registry key not found)

{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - ? -   (File not found | COM-object registry key not found)

{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - ? -   (File not found | COM-object registry key not found)

{E99987AC-6311-4686-B095-EB30B69F9258} "Samsung AnyWeb Print" - ? - C:\Program Files\Samsung AnyWeb Print\W2PDeskband.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.7.0_06" - "Oracle Corporation" - C:\Program Files (x86)\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_06" - "Oracle Corporation" - C:\Program Files (x86)\bin\npjpi170_06.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.6.2" - "Oracle Corporation" - C:\Program Files (x86)\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

"ICQ7.7" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.7\ICQ.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

{94BB0C4C-B957-479A-85E4-42F53B89F681} "Samsung AnyWeb Print" - ? - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\bin\ssv.dll

{AA609D72-8482-4076-8991-8CDAE5B93BCB} "Samsung BHO Class" - ? - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Known DLLs]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----

"advapi32" - "Microsoft Corporation" - C:\windows\system32\advapi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"clbcatq" - "Microsoft Corporation" - C:\windows\system32\clbcatq.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"COMDLG32" - "Microsoft Corporation" - C:\windows\system32\COMDLG32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"DifxApi" - "Microsoft Corporation" - C:\windows\system32\difxapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"gdi32" - "Microsoft Corporation" - C:\windows\system32\gdi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"IERTUTIL" - "Microsoft Corporation" - C:\windows\system32\IERTUTIL.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"IMAGEHLP" - "Microsoft Corporation" - C:\windows\system32\IMAGEHLP.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"IMM32" - "Microsoft Corporation" - C:\windows\system32\IMM32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"kernel32" - "Microsoft Corporation" - C:\windows\system32\kernel32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"LPK" - "Microsoft Corporation" - C:\windows\system32\LPK.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"MSCTF" - "Microsoft Corporation" - C:\windows\system32\MSCTF.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"MSVCRT" - "Microsoft Corporation" - C:\windows\system32\MSVCRT.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"NORMALIZ" - "Microsoft Corporation" - C:\windows\system32\NORMALIZ.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"NSI" - "Microsoft Corporation" - C:\windows\system32\NSI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"ole32" - "Microsoft Corporation" - C:\windows\system32\ole32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"OLEAUT32" - "Microsoft Corporation" - C:\windows\system32\OLEAUT32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"PSAPI" - "Microsoft Corporation" - C:\windows\system32\PSAPI.DLL  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"rpcrt4" - "Microsoft Corporation" - C:\windows\system32\rpcrt4.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"sechost" - "Microsoft Corporation" - C:\windows\system32\sechost.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"Setupapi" - "Microsoft Corporation" - C:\windows\system32\Setupapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"SHELL32" - "Microsoft Corporation" - C:\windows\system32\SHELL32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"SHLWAPI" - "Microsoft Corporation" - C:\windows\system32\SHLWAPI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"URLMON" - "Microsoft Corporation" - C:\windows\system32\URLMON.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"user32" - "Microsoft Corporation" - C:\windows\system32\user32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"USP10" - "Microsoft Corporation" - C:\windows\system32\USP10.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"WININET" - "Microsoft Corporation" - C:\windows\system32\WININET.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"WLDAP32" - "Microsoft Corporation" - C:\windows\system32\WLDAP32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"WS2_32" - "Microsoft Corporation" - C:\windows\system32\WS2_32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Security Packages" - "Microsoft Corp." - C:\windows\system32\livessp.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Isabelle\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"spd__ Langmon" - ? - C:\windows\system32\spd__l.dll

"SUGS2 Langmon" - ? - C:\windows\system32\sugs2l6.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)

"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

"DSL-Manager" (TDslMgrService) - ? - "C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe"  (File not found)

"Google Updater Service" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

"Intel(R) Turbo Boost Technology Monitor 2.0" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\windows\system32\nvvsvc.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Samsung UPD Service" (Samsung UPD Service) - "Samsung Electronics CO., LTD." - C:\windows\System32\SUPDSvc.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-09-10 21:48:38

-----------------------------

21:48:38.912    OS Version: Windows x64 6.1.7601 Service Pack 1

21:48:38.913    Number of processors: 4 586 0x2A07

21:48:38.913    ComputerName: ISABELLE  UserName: Isabelle

21:48:39.759    Initialize success

21:48:40.296    AVAST engine defs: 12091000

21:49:33.704    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

21:49:33.705    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3

21:49:33.747    Disk 0 MBR read successfully

21:49:33.749    Disk 0 MBR scan

21:49:33.751    Disk 0 unknown MBR code

21:49:33.755    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

21:49:33.767    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       242688 MB offset 206848

21:49:33.770    Disk 0 Partition - 00     0F Extended LBA            448247 MB offset 497231872

21:49:33.796    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS        24367 MB offset 1415241728

21:49:33.839    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       448246 MB offset 497233920

21:49:33.858    Disk 0 scanning C:\windows\system32\drivers

21:49:41.011    Service scanning

21:49:59.774    Modules scanning

21:50:00.105    Disk 0 trace - called modules:

21:50:00.156    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

21:50:00.160    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007847060]

21:50:00.164    3 CLASSPNP.SYS[fffff88001b6743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80059f3050]

21:50:00.967    AVAST engine scan C:\windows

21:50:04.478    AVAST engine scan C:\windows\system32

21:51:45.641    AVAST engine scan C:\windows\system32\drivers

21:51:54.507    AVAST engine scan C:\Users\Isabelle

22:04:23.103    AVAST engine scan C:\ProgramData

22:05:25.643    Scan finished successfully

22:09:22.343    Disk 0 MBR has been saved successfully to "C:\Users\Isabelle\Desktop\MBR.dat"

22:09:22.343    The log file has been saved successfully to "C:\Users\Isabelle\Desktop\aswMBR.txt"

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

FIXMBR habe ich durchgeführt. Ging aber irgendwie so schnell das ich nur hoff das ich dabei alles richtig gemacht hab.

Hier das Log von aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-09-11 22:03:13

-----------------------------

22:03:13.427    OS Version: Windows x64 6.1.7601 Service Pack 1

22:03:13.427    Number of processors: 4 586 0x2A07

22:03:13.427    ComputerName: ISABELLE  UserName: Isabelle

22:03:14.167    Initialize success

22:03:14.327    AVAST engine defs: 12091101

22:03:18.047    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

22:03:18.047    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3

22:03:18.057    Disk 0 MBR read successfully

22:03:18.057    Disk 0 MBR scan

22:03:18.067    Disk 0 Windows 7 default MBR code

22:03:18.067    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

22:03:18.077    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       242688 MB offset 206848

22:03:18.087    Disk 0 Partition - 00     0F Extended LBA            448247 MB offset 497231872

22:03:18.117    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS        24367 MB offset 1415241728

22:03:18.167    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       448246 MB offset 497233920

22:03:18.197    Disk 0 scanning C:\windows\system32\drivers

22:03:25.517    Service scanning

22:03:53.407    Modules scanning

22:03:53.407    Disk 0 trace - called modules:

22:03:53.417    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys 

22:03:53.417    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007827060]

22:03:53.417    3 CLASSPNP.SYS[fffff88001bb343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80058dc050]

22:03:54.447    AVAST engine scan C:\windows

22:03:57.377    AVAST engine scan C:\windows\system32

22:05:43.944    AVAST engine scan C:\windows\system32\drivers

22:05:54.365    AVAST engine scan C:\Users\Isabelle

22:21:14.111    AVAST engine scan C:\ProgramData

22:22:29.054    Scan finished successfully

22:25:05.936    Disk 0 MBR has been saved successfully to "C:\Users\Isabelle\Desktop\MBR.dat"

22:25:05.936    The log file has been saved successfully to "C:\Users\Isabelle\Desktop\aswMBR 11.09.txt"

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Malwarebytes

Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.12.02
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Isabelle :: ISABELLE [Administrator]
 

Schutz: Deaktiviert
 

12.09.2012 09:08:48

mbam-log-2012-09-12 (09-08-48).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 376648

Laufzeit: 40 Minute(n), 29 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

SASW

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 09/12/2012 at 12:00 PM
 

Application Version : 5.5.1016
 

Core Rules Database Version : 9211

Trace Rules Database Version: 7023
 

Scan type       : Complete Scan

Total Scan Time : 01:15:40
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Administrator
 

Memory items scanned      : 612

Memory threats detected   : 0

Registry items scanned    : 66529

Registry threats detected : 0

File items scanned        : 158489

File threats detected     : 189
 

Adware.Tracking Cookie

        C:\USERS\ISABELLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\isabelle@www.youporn[1].txt [ Cookie:isabelle@www.youporn.com/ ]

        C:\USERS\ISABELLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\isabelle@adultfriendfinder[1].txt [ Cookie:isabelle@adultfriendfinder.com/ ]

        .doubleclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .quartermedia.de [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .quartermedia.de [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K2HLLUO9.DEFAULT\COOKIES.SQLITE ]

        media.mtvnservices.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TUAWWNT8 ]

        C:\USERS\ISABELLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ISABELLE@ADS.CRAKMEDIA[2].TXT [ /ADS.CRAKMEDIA ]

        C:\USERS\ISABELLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ISABELLE@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]

        C:\USERS\ISABELLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ISABELLE@XITI[1].TXT [ /XITI ]

        C:\USERS\ISABELLE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ISABELLE@YOUPORN[2].TXT [ /YOUPORN ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .liveperson.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .statcounter.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        in.getclicky.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        tracking.metalyzer.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .marinetraffic.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        sales.liveperson.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .liveperson.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        sales.liveperson.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        partners.webmasterplan.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        partners.webmasterplan.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .autoscout24.112.2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .cunda.122.2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .opodo.122.2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .germanwings.112.2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .e-2dj6wckiapcjobp.stats.esomniture.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        tracking.tchibo.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .guj.122.2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .histats.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .histats.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .daimlerag.122.2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        stat.onestat.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        stat.onestat.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        wstat.wibiya.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .dailymotionpoc.112.2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        stat.dealtime.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .msnportal.112.2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .www.mobildiscounter.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .mobildiscounter.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .mobildiscounter.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .mobildiscounter.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .tto2.traffictrack.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .avzstudivz.122.2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.sexiest-woman-alive.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.sexiest-woman-alive.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.sexiest-woman-alive.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .loyaltypartner.122.2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .tracker.vinsight.de [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .liveperson.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        server.lon.liveperson.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

        .deutschepostag.112.2o7.net [ C:\USERS\ISABELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBX3RBVP.DEFAULT\COOKIES.SQLITE ]

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

MyStart Incredibar ist leider immernoch da!!! =(

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Code:

# AdwCleaner v2.001 - Datei am 09/13/2012 um 22:25:47 erstellt

# Aktualisiert am 09/09/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Isabelle - ISABELLE

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Isabelle\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gefunden : C:\Users\Isabelle\AppData\Roaming\Mozilla\Firefox\Profiles\kbx3rbvp.default\extensions\staged
 

***** [Registrierungsdatenbank] *****
 
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v15.0 (de)
 

Profilname : default 

Datei : C:\Users\Isabelle\AppData\Roaming\Mozilla\Firefox\Profiles\kbx3rbvp.default\prefs.js
 

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQIjk7ZZx&loc=FF_NT");

Gefunden : user_pref("browser.startup.homepage", "hxxps://accounts.google.com/ServiceLogin?service=mail&passive[...]
 

Profilname : default 

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k2hlluo9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R5].txt - [1217 octets] - [13/09/2012 22:25:47]
 

########## EOF - C:\AdwCleaner[R5].txt - [1277 octets] ##########

Ok, dann nochmal entfernen. Berichte ob dann endlich alles ok ist.

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Code:

# AdwCleaner v2.001 - Datei am 09/14/2012 um 15:11:45 erstellt

# Aktualisiert am 09/09/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Isabelle - ISABELLE

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Isabelle\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
 

-\\ Mozilla Firefox v15.0 (de)
 

Profilname : default 

Datei : C:\Users\Isabelle\AppData\Roaming\Mozilla\Firefox\Profiles\kbx3rbvp.default\prefs.js
 

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQIjk7ZZx&loc=FF_NT");

Gelöscht : user_pref("browser.startup.homepage", "hxxps://accounts.google.com/ServiceLogin?service=mail&passive[...]
 

Profilname : default 

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\k2hlluo9.default\prefs.js
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R5].txt - [1346 octets] - [13/09/2012 22:25:47]

AdwCleaner[S4].txt - [1516 octets] - [14/09/2012 15:11:45]
 

########## EOF - C:\AdwCleaner[S4].txt - [1576 octets] ##########

Ich habe mal ein bisschen mit TabMix Plus rum probiert. Wenn man ein neues Tab öffnet habe ich eingestellt das eine bestimmte Seite erscheint.
Diese wurder aber immer nach dem Neustart ersetzt durch MyStart Incredibar. Jetzt habe ich wieder die Einstellung "eine leere Seite öffnen" eingestellt. Selbst nach dem Neustart kommt jetzt nur ein leeres Tab. Ich habe nun mal TabMix Plus entfernt und promt erscheint beim Erstellen eines neuen Tabs MyStart Incredibar.
Ist also leider noch immer da =(

Aaaahh es ist weg =)
Habe Firefox nochmal deinstalliert und jetzt ist es weg =)

Vielen vielen vielen lieben Dank für die Hilfe!!!
War echt super nett :D

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Suuuuuper :taenzer:

Vielen Dank nochmal =) =) =) =)